Data Breaches

Personal Data of Entire Dutch Town Stolen in Municipal Cyberattack

The municipality of Epe confirms a massive exfiltration event impacting nearly all 32,000 residents; authorities offer free identity document replacements as theft concerns mount.

EPE, NETHERLANDS — The municipality of Epe has officially confirmed that a cyberattack first detected in March 2026 resulted in the theft of personal data belonging to nearly all of its 32,000 residents. Following a month-long forensic investigation, local officials revealed that the scale of the breach is far more severe than initially suspected, effectively compromising the digital identities of an entire town.

Stolen datasets include names, addresses, dates of birth, and places of birth, along with highly sensitive Burger Service Numbers (BSN) — the Dutch equivalent of a Social Security number. For a subset of the population, hackers also exfiltrated bank account numbers and full copies of identity documents. Mayor Tom Horn addressed the community with a stark correction to the narrative: “People call it a leak, but it is theft.”

Breach Audit: Epe Municipal Data Theft

The investigation has confirmed that at least 1,000 identity documents were successfully copied by the attackers. While the Dutch police and national security agencies are investigating the source, officials noted that no ransom demand has been made and the data has not yet surfaced on known dark web leak sites.

Incident Profile: Epe Municipality (April 2026)
Audit Detail	Technical Finding
Scope of Impact	Approx. 32,000 residents — nearly the entire municipal population.
Compromised PHI/PII	BSN numbers, bank accounts, and 1,000+ ID document copies.
Remediation Offer	Free replacement of passports, ID cards, and driver’s licenses.

Identity-Fraud Risk and Remediation

To mitigate the risk of identity theft, the municipality has taken the extraordinary step of offering free replacements for any resident whose ID documents were confirmed as copied. This includes passports, national ID cards, and driver’s licenses.

The incident reflects a growing trend of "total town compromises," where the centralization of municipal services creates a single point of failure for thousands of citizens. This follows a similar vendor-based vulnerability pattern that recently impacted major financial institutions.

The CyberSignal Analysis

Signal 01 — The "No-Ransom" Anomaly

The absence of a ransom demand suggests the attackers may be motivated by long-term identity exploitation or espionage rather than immediate financial gain. When BSN numbers and ID copies are exfiltrated without a demand, it often signals that the data has already been sold privately or is being utilized for sophisticated "synthetic identity" fraud campaigns.

Signal 02 — Municipal Cyber Resilience

Epe’s decision to cover the cost of ID replacements sets a significant precedent for municipal risk management. While it addresses the immediate fraud risk, the financial burden on the local taxpayer will be substantial. This highlights the urgent need for Dutch municipalities to adopt more robust data governance frameworks to silo sensitive citizen data.

Sources

Type	Source
Lead News	DutchNews: Personal Data of Nearly All Residents Stolen
Regional Cover	NL Times: Major Breach Involving Personal Details
Global Insight	AA Europe: Dutch Town Personal Data Theft
Policy Context	DutchBrief: ID Documents Exposure
Technical Audit	News.az: 32,000 Residents Impacted

Minimalist white line art of a stylized router silhouette with a white Japanese rising sun icon overlaid on a solid crimson red background.

Tropic Trooper APT Targets Japanese Networks via Router Exploits

China-aligned espionage group G0081 evolves beyond traditional spear-phishing with SOHO router firmware attacks and domain-trust pivoting. TOKYO, JP — The persistent China-aligned threat actor known as Tropic Trooper (G0081) has significantly shifted its operational focus, moving beyond traditional spear-phishing to target Japanese government and critical infrastructure via router exploitation. Recent telemetry

Minimalist white line art of a hospital bed silhouette with a white skull and crossbones icon floating above it, on a solid blood red background.

Idaho Hospital Disrupted on Easter; Blackwater Ransomware Claims 577GB Stolen

Minidoka Memorial Hospital transferred emergency patients after an imaging outage; a new ransomware group demands payment for an alleged 2.3 million files. RUPERT, ID — A quiet Easter morning in rural Idaho was shattered on April 5, 2026, when Minidoka Memorial Hospital (MMH) fell victim to a cyberattack that paralyzed

Minimalist white line art of a military frigate silhouette with a white Bluetooth icon inside a postcard envelope overlaid in the corner, on a solid navy blue background.

$5 Postcard Tracker Compromises $585M Dutch Warship for 24 Hours

Journalist demonstrates naval mail screening flaw by mailing a Bluetooth device to NATO frigate HNLMS Evertsen; envelopes were not X-rayed like standard packages. THE HAGUE, NL — In a staggering demonstration of security asymmetry, a Dutch journalist has exposed a critical physical vulnerability within NATO naval operations. By mailing a $5

China-Linked GopherWhisper APT Hits 12 Mongolian Gov Systems Using Slack/Discord C2

ESET discovers a new espionage group abusing legitimate cloud services for command-and-control against strategically sensitive Mongolian targets. ULAN BATOR, MN — Researchers at ESET have uncovered a sophisticated, China-aligned espionage campaign targeting the Mongolian government. The threat actor, dubbed GopherWhisper, has successfully infected at least 12 government systems since late 2023,