NL: Police Warned About Security Hole Used by Russian Hackers in Major Theft of Police Data

State‑sponsored cyber groups have increasingly turned their attention to cloud platforms that host government data, and Microsoft’s M365 suite is no exception. Russian actors, in particular, have a track record of probing European public‑sector environments, leveraging the same tools that enable remote collaboration. The Dutch police’s 2022 risk analysis flagged the "inherent" dangers of the cloud and warned that "state actors" would be highly motivated to infiltrate it. Yet, without decisive mitigation, those warnings remained largely theoretical, leaving a critical attack surface exposed.

The September 2024 breach unfolded through a classic phishing vector: an employee’s email credentials were harvested, granting the attackers a foothold within the police’s M365 tenant. Once inside, they harvested a trove of personal data—names, phone numbers, profile images—covering nearly every officer in the Netherlands. The loss of such granular information not only jeopardizes individual safety but also erodes operational secrecy, complicates investigations, and fuels public distrust. The incident illustrates how a single compromised account can cascade into a nationwide security crisis when cloud permissions are overly permissive.

In response, Dutch authorities face mounting pressure to overhaul their cybersecurity governance. Experts advocate for a zero‑trust architecture, continuous monitoring, and mandatory multi‑factor authentication for all privileged accounts. Moreover, the breach aligns with broader EU initiatives, such as the Cybersecurity Act and the upcoming NIS‑2 directive, which demand rigorous risk assessments and incident reporting for critical infrastructure. By tightening procurement standards for cloud services and investing in staff awareness programs, governments can transform this costly lesson into a catalyst for resilient, future‑proof digital policing.