An ongoing investigation into a security breach at the Dutch Custodial Institutions Agency (DJI) has revealed that attackers had access to the agency’s Ivanti EPMM server for five months. State Secretary of Justice and Security, Van Bruggen, confirmed the investigation in response to parliamentary questions. The full extent of the data breach is still being determined.
Sensitive Employee Data Compromised
The attackers gained access to sensitive information belonging to DJI employees, including names, email addresses, phone numbers, and location data. The compromised server, an Ivanti Endpoint Manager Mobile (EPMM), is used for mobile device management, allowing organizations to remotely manage their employees’ mobile devices. Unauthorized access to such a system can have far-reaching consequences, as it provides a gateway to a wide range of sensitive data and communications. The long duration of the breach raises concerns about the potential for extensive data exfiltration and misuse of the compromised information.
Risk of Blackmail and Extortion
Due to the nature of their work, DJI employees face an elevated risk of blackmail and extortion if their personal information falls into the wrong hands. State Secretary Van Bruggen acknowledged these risks and stated that security measures have been implemented to protect the affected employees. A response plan has been provided to all DJI staff, and the National Cyber Security Centre (NCSC) has developed a set of actions based on the preliminary findings of the forensic investigation. The incident highlights the critical importance of robust cybersecurity measures within government agencies and the potential for real-world harm when such systems are compromised.
Investigation and Future Measures
The investigation into the Ivanti hack is ongoing, and a full evaluation and cause analysis will be conducted once it is completed. The findings will be used to improve security protocols and prevent similar incidents in the future. The DJI has already implemented technical and monitoring measures based on the NCSC’s recommendations. The incident serves as a stark reminder of the persistent threat of cyberattacks against government institutions and the need for continuous vigilance and adaptation in the face of evolving cyber threats.



