Dutch Prosecution Service begins phased system reboot after cyberattack

The Dutch Public Prosecution Service (Openbaar Ministerie, OM) has begun reconnecting its systems to the internet after a cyberattack last month forced a full digital shutdown. External experts have determined it is now safe to bring the systems back online gradually. According to the OM, no data was stolen or altered in the attack.

The National Cyber Security Center (NCSC) had previously identified a vulnerability in the digital infrastructure used by OM staff to access internal office systems remotely. Hackers exploited this weakness, prompting the OM to take all systems offline as a precaution.

Due to the outage, OM employees were unable to log in remotely, send or receive emails, or access key digital services. The first system now restored is email, allowing staff to resume external communication.

The OM said the restoration will follow the procedural order of criminal cases. Systems for registering arrests will be brought online next, followed by those used to record convictions.

“It is important that the restart happens in phases, as our systems are internally connected with those of the police and the Central Judicial Collection Agency,” the OM stated. “The restart is being carefully coordinated with all partners in the justice chain to minimize disruptions to their systems and processes.”

The OM did not say when full online functionality will be restored. It also remains unclear how the shutdown will impact upcoming court proceedings.

In the meantime, OM employees are relying on creative workarounds to keep legal processes moving. Courts and courts of appeal have reportedly supported prosecutors by printing documents and assisting with logistical challenges.