Nearly all Epe residents affected by major data breach involving personal details

Data belonging to nearly all residents of the municipality of Epe was stolen during the data breach of March 12, the municipality reports following an investigation. The breach involved sensitive details such as names, addresses, birth information, gender, and BSN numbers. In certain cases, particularly for those who requested municipal services, extra information like contact details, bank accounts, and ID copies may also have been compromised.

The municipality will notify all residents by letter about the breach, while those affected by the theft of ID copies will be contacted separately. They will be able to request a replacement ID at no cost. Authorities are also urging people to stay vigilant for signs of identity theft, phishing attempts, and other suspicious communications.

The municipality says that 552,000 files were compromised in the breach. Login credentials for DigiD were not affected, since those are not held by the municipality. Instead, the attackers used a tactic called ClickFix, where victims encounter a fake error message and are tricked into clicking a link that ultimately gives hackers access to systems.

The municipality has reported the incident to the police and informed the Dutch Data Protection Authority. Staff passwords have been changed, and additional security measures are being put in place. Together with police and cybersecurity experts, the municipality is watching for any publication of the stolen data. It has not been shared whether there has been any communication with the attackers.