Skip to main content
Netherlands News in English

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
Data privacy
Data privacy - Credit: maxkabakov / DepositPhotos - License: DepositPhotos
Business
Tech
Custodial Institutions Agency
DJI
Data leak
dutch data protection authority
Council for the Judiciary
NCSC
d66
Claudia van Bruggen
cabinet meeting
Friday, 27 February 2026 - 12:50

Share this article:

Major data breach hits Custodial Institutions Agency, staff details exposed

A data breach has compromised the personal details of employees at the Custodial Institutions Agency (DJI). According to a spokesperson, who responded after reports by Argos, the leaked information consists of staff email addresses, telephone numbers, and security certificates.

At the beginning of the month, the Dutch Data Protection Authority (AP) and the Council for the Judiciary (Raad voor de rechtspraak) disclosed a data breach caused by a security flaw at ICT supplier Ivanti. Authorities have since confirmed that the DJI was likewise impacted.

Reporting by Argos indicates that hackers were inside DJI’s internal network for no less than five months and could potentially still retain access. By taking advantage of a security flaw in Ivanti Endpoint Manager Mobile, a platform for centrally controlling business smartphones, laptops, and tablets, the attackers were able to do more than just access information. They could also remotely control or erase devices.

“The cause of the data breach and cyber incident is currently under investigation,” the DJI spokesperson said. The National Cyber Security Centre (NCSC) has been notified.

State Secretary Claudia van Bruggen of D66 indicated that little information can yet be shared about the incident. Speaking ahead of the Cabinet meeting, she said the situation is concerning given the government’s duty to protect its employees, while emphasizing that DJI personnel face no danger from the breach.

With a workforce of 16,000, the DJI operates 50 facilities throughout the Netherlands, including prisons, youth detention centers, and tbs clinics.

Authorities have not yet confirmed whether the attackers were able to access mobile device location data. Because such data is typically stored in the breached database, DJI has instructed staff to switch off location tracking on their devices as a precaution.

Reporting by ANP and NL Times

More like this

Image
Cybercrime
Data Protection Authority in hot water: personal info leaked amidst security oversight
Image
Gurneys in a hospital corridor
Hospital patient data may have leaked in Chipsoft hack, sources say
Image
Jaitsen Singh in a scene from the 2023 documentary series, Een Amerikaanse Nachtmerrie, also known as, The Singh Case, from director Hans Pool
Jaitsen Singh back in the Netherlands after nearly 42 years in a U.S. prison
Image
Odido's headquarters building in The Hague. Undated
Odido cyber attack: Hackers gained access to 6.2 million people's data
Make NL Times your top Google source

Follow us:

Latest stories

  • Dutch authorities have high hopes for new DNA techniques in solving old sex crimes
  • Serious violence cases rise in amateur soccer: Teeth lost, part of ear bitten off
  • New summer course boosts Dutch fluency and confidence in just two weeks
  • VVD again pushing ban on enforcement officers wearing headscarves, crosses
  • Woman seriously injured in Rotterdam industrial site stabbing; Suspect arrested

Top stories

  • Netherlands recruited 29 top scientist leaving U.S. under Trump
  • Police shoot armed man on Rotterdam street
  • Rotterdam train traffic back to normal after week-long outage
  • New-build home sales in Netherlands fall 19% as market cools
  • At least 8 illegal designer drug sites back online via a foreign domain

© 2012-2026, NL Times, All rights reserved.

Footer menu

  • Change Privacy Settings
  • Privacy Policy
  • Contact
  • Partner Content