Dutch Ministry of Finance Takes Systems Offline Following Cyberattack

The Dutch Ministry of Finance has taken several critical internal systems offline following the discovery of unauthorized access to its Information and Communication Technology (ICT) infrastructure in late March 2026.

Attack Timeline

The breach was first detected on March 19, 2026, when security teams identified unauthorized network intrusion targeting systems that support administrative processes within the ministry’s policy department.

After gathering new forensic insights and consulting external cybersecurity experts, the ICT security team made a deliberate decision on March 23, 2026, to shut down several key systems to stop further lateral movement and prevent data exfiltration.

The cyberattack primarily disrupted two areas:

• Treasury banking portal — the digital platform used by public institutions to monitor government account activity
• Internal policy systems — restricting workstation access for a portion of ministry staff

As a direct consequence, approximately 1,600 Dutch public institutions, including local municipalities, educational organizations, and government agencies, lost the ability to monitor their treasury account balances online.

Despite the disruption, the ministry confirmed that tax collection, customs operations, and benefits administration, all public-facing services, remained completely unaffected and fully isolated from the compromised network.

In a formal letter to the Dutch House of Representatives, Finance Minister Eelco Heinen confirmed that the attack significantly disrupted daily internal operations.

The incident response is being led by three key bodies:

• Dutch National Cyber Security Center (NCSC)
• Dutch National Police’s High Tech Crime Team
• External digital forensic analysts

The breach has also been formally reported to the Dutch Data Protection Authority (AP) due to the potential exposure of sensitive employee data.

As of now, no threat actor, APT group, or ransomware syndicate has publicly claimed responsibility for the attack.

No specific Indicators of Compromise (IOCs) have been released publicly. Threat intelligence analysts are closely monitoring the situation, as breaches targeting central government financial networks pose significant risks, including credential abuse and targeted phishing campaigns against government employees.

The Ministry has not yet provided a definitive timeline for the full restoration of the treasury banking portal or the completion of the ongoing forensic audit.

Investigators continue to assess the initial attack vector and the complete scope of the compromise.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Dutch Ministry of Finance Takes Systems Offline Following Cyberattack appeared first on Cyber Security News.