Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation

The Dutch Ministry of Finance took treasury banking portal offline after a cyberattack; core tax systems were not affected.

The Dutch Ministry of Finance took parts of its infrastructure offline, including the treasury banking portal, after detecting a cyberattack two weeks earlier.

The Dutch Ministry of Finance disclosed a cyberattack detected on March 19 after a third-party alert. Attackers breached some internal systems, the incident impacted a “portion of the employees”.

The security breach is currently under investigation. Authorities clarified that systems used to manage tax operations were not impacted, limiting the scope of disruption.

“The Ministry of Finance’s ICT security detected unauthorized access to systems for a number of primary processes within the policy department on Thursday, March 19.” reads the statement issued by Dutch Ministry of Finance. “Following the alert, an immediate investigation was launched, and access to these systems has been blocked as of today. This affects the work of a portion of the employees.”

The Ministry pointed out that services for citizens and businesses, including tax, customs, and benefits, remain unaffected.

“Services to citizens and businesses provided by the Tax and Customs Administration, Customs, and Benefits have not been affected.” continues the report.

The Dutch Ministry of Finance did not disclose technical details about the attack, and no cybercrime group has claimed responsibility so far.

In a statement to the Dutch House of Representatives, Minister of Finance Eelco Heinen said that, due to a forensic investigation, the Dutch Ministry of Finance has taken several systems offline, including the treasury banking portal, which has affected about 1,600 public entities that cannot access balances or key functions. Funds remain accessible and payments continue via normal channels, with essential services handled manually. Heinen added that enhanced security measures are in place, while investigations involve the NCSC, forensic experts, police, and the Data Protection Authority.

“Due to the ongoing forensic investigation and for security reasons, several systems have been temporarily taken offline, including the digital treasury banking portal. As a result, approximately 1,600 public institutions that hold funds with the Ministry of Finance are currently unable to view the balance of their treasury accounts digitally.” reads the statement. “Participants in treasury banking include ministries, agencies, legal entities with statutory tasks, educational institutions, social funds, and local governments. Additionally, it is temporarily not possible for participants to request loans, deposits, or credit, modify intraday limits, or generate reports via the portal.”

Participants retain full access to funds, and payments continue normally via standard banking channels, with essential services supported manually if needed. The duration of the disruption is still unknown. Enhanced security and monitoring are in place, while investigations involve the National Cyber Security Centre, forensic experts, police cybercrime units, and the Data Protection Authority.

In October 2024, the Dutch police blamed a state actor for the recent data breach that exposed officers’ contact details, the justice minister told lawmakers. The incident took place on September 26, 2024, and the police have reported the security breach to the Data Protection Authority.

Threat actors broke into a police system and gained access to work-related contact details of multiple officers. The attackers had access to names, emails, phone numbers, and some private information belonging to police officers.

Dutch intelligence agencies believe it is highly likely that a state actor was behind the data breach.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Dutch Ministry of Finance)