The Dutch Ministry of Finance took some of its systems offline, including the digital portal for treasury banking, while investigating a cyberattack detected two weeks ago.

When it disclosed the incident last week, the ministry said the March 19 security breach didn't affect systems used to manage tax collection, income-linked subsidies, and import/export regulations for citizens and businesses.

While the breach affected some of its employees, it didn't disclose how many were impacted or whether the attackers stole any sensitive data from compromised systems. Also, no threat actor or cybercrime group has claimed responsibility for the attack.

In a statement to the Dutch House of Representatives on Monday, Minister of Finance Eelco Heinen said the ministry shut down some systems for security reasons on March 23, directly affecting hundreds of Dutch public institutions, including ministries, government agencies, educational organizations, social funds, and local governments.

"Due to the ongoing forensic investigation and for security reasons, several systems have been temporarily taken offline, including the digital portal for treasury banking. As a result, approximately 1,600 public institutions that hold funds with the Ministry of Finance are currently unable to view the balance of their treasury accounts online," Heinen said.

"Additionally, participants are temporarily unable to use the portal to apply for loans, deposits, or credit, change the intraday limit, or generate reports," he added. "It is important to note that participants do retain full access to their funds in the Treasury and that incoming and outgoing payments continue as usual through regular banking channels. Where necessary, minimum service levels will be maintained manually to ensure that essential processes can continue to function."

The incident is currently being investigated with the help of the Dutch National Cyber Security Center (NCSC) and external forensic experts. The ministry has notified the Dutch Data Protection Authority (AP) of the breach and filed a report with the Dutch national police's High Tech Crime Team.

The Dutch Minister of Finance could not provide a clear timeline for when the investigation will be completed or when the ongoing systems disruption will be resolved.

The country's National Police Corps was also breached in September 2024 by an unnamed state-backed threat actor, which stole the work-related contact information of an undisclosed number of police officers.

More recently, in February, Dutch authorities arrested a 40-year-old man who asked for "something in return" to delete confidential documents that the police had mistakenly shared.