Dutch authorities have confirmed that multiple government bodies were impacted by cyber attacks exploiting recently disclosed zero-day vulnerabilities in Ivanti Endpoint Manager Mobile. In a notice sent to parliament on Friday, the Dutch Data Protection Authority and the Council for the Judiciary stated that their systems were accessed by unauthorized actors following exploitation of flaws in the mobile device management platform. The disclosure places the Netherlands among a growing list of European institutions reporting exposure linked to Ivanti EPMM, raising concerns about the security of deeply embedded enterprise systems used across public sector environments.
According to the notice, the National Cyber Security Center was informed by Ivanti on January 29 about critical vulnerabilities in EPMM, a platform widely used to manage mobile devices, applications, and related security controls. Subsequent investigations confirmed that work-related data belonging to employees of the Dutch Data Protection Authority had been accessed. The compromised information included names, business email addresses, and telephone numbers. While authorities emphasized that the exposed data was limited to professional contact details, the incident highlighted how quickly attackers were able to exploit the flaws after disclosure. No technical details were shared regarding the attack chain, though officials indicated the activity was consistent with known exploitation of Ivanti EPMM vulnerabilities.
The situation extends beyond the Netherlands. The European Commission also revealed that its central mobile device management infrastructure detected traces of a cyber attack that may have resulted in access to staff names and mobile phone numbers. The Commission stated that the incident was identified and contained within nine hours and that there was no evidence of mobile devices themselves being compromised. It added that it continues to closely monitor its systems and will take all necessary measures to maintain internal security. Although the Commission did not publicly name the vendor involved, the timing and nature of the activity strongly suggest a connection to the Ivanti EPMM zero-day exploitation reported by other European entities.
Finland has also reported a significant breach tied to the same issue. Valtori, the state information and communications technology provider for Finland’s public administration, disclosed that work-related details of up to 50,000 government employees were exposed. The breach was identified on January 30, 2026, and was attributed to a zero-day vulnerability in its mobile device management service. Valtori confirmed it applied corrective patches on January 29, the same day Ivanti released fixes for CVE-2026-1281 and CVE-2026-1340, both rated with a CVSS score of 9.8. These vulnerabilities could allow unauthenticated remote code execution, giving attackers extensive control over affected systems. Ivanti has acknowledged that the flaws were exploited as zero-days and stated that only a very limited number of customers were affected, though it has not provided an updated count of impacted organizations.
Further investigation revealed that attackers gained access to operational data within the management systems, including names, work email addresses, phone numbers, and device information. Valtori also disclosed that its management system did not permanently delete removed data, instead marking it as deleted. As a result, device and user data belonging to all organizations that had used the service throughout its lifecycle may have been exposed, with some devices potentially linked to multiple users over time. Commenting on the broader implications, watchTowr CEO Benjamin Harris described the attacks as a precision campaign carried out by highly skilled and well-resourced actors. He warned that systems traditionally assumed to be internal or safe should now be treated with caution, emphasizing that rapid detection and containment are critical factors in preventing widespread operational disruption.