Several important internal systems have been taken offline by the Dutch Ministry of Finance. On March 19, 2026, security teams found the breach when they saw that someone had entered the network without permission. As a direct result, about 1,600 Dutch public institutions, such as local governments, schools, and government agencies, could no longer check their treasury account balances online.

The ministry confirmed that tax collection, customs operations, and benefits administration, all of which are services that the public uses, were not affected at all, even though there was a problem. No APT group, ransomware syndicate, or other threat actor has publicly taken responsibility for the attack. There have been no public releases of specific Indicators of Compromise (IOCs).

The Ministry hasn't yet given a clear date for when the treasury banking portal will be fully restored or when the ongoing forensic audit will be finished. Three main groups are in charge of the incident response: the Dutch National Cyber Security Center (NCSC), the Dutch National Police's High Tech Crime Team, and outside digital forensic analysts. It has also been formally reported to the Dutch Data Protection Authority (AP) due to the potential exposure of sensitive employee data.

So far, there have been no public releases of specific Ind indicators of compromise.