NL Times reports:
The Dutch police knew about gaps in their cybersecurity before a Russian cyber group stole a large amount of police data in September 2024, according to research by Follow the Money. The hackers used vulnerabilities that the police had been warned about.
The hackers gained access through an employee’s email account and stole the contact details of almost all 65,000 police officers in the Netherlands. The hackers also had access to cops’ profile photos and personal data. The theft of this highly sensitive information caused major unrest.
Documents obtained by FTM through the Open Government Act revealed that an internal risk analysis from November 2022 raised concerns about the implementation and security of Microsoft’s “M365 cloud.” The police have been using this service for several years for chat and meeting programs like Teams. The risk analysis warns that the cloud entails “inherent” risks, and “state actors” in particular would be “very interested in gaining access to the cloud environment.”
Read more at NL Times.