What vulnerabilities were exploited in the Ivanti EPMM attacks?

Attackers exploited CVE-2026-1281 and CVE-2026-1340, both of which are critical vulnerabilities with CVSS scores of 9.8 that allow unauthenticated remote code execution.

Which organizations were affected by the breach?

The affected organizations include the Dutch Data Protection Authority (AP), the Dutch Council for the Judiciary (Rvdr), the European Commission, and Finland's state ICT provider, Valtori.

What type of data was exposed in the incident?

Exposed data includes employee names, business email addresses, work phone numbers, mobile device details, and historical user records.

How many individuals were impacted?

Approximately 50,000 government employees were affected in Finland; the number of affected individuals in the Dutch and EU agencies has not been disclosed.

When were the patches for these vulnerabilities released?

Ivanti released corrective patches for the zero-day vulnerabilities on January 29, 2026.

Incident

Dutch Authorities Hit by Ivanti Zero-Day Exploits

published: Feb. 10, 2026

Learn More

The Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) confirmed their systems were compromised by cyberattacks exploiting zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). The breach, disclosed in a notice to the Dutch parliament on February 6, 2026, also impacted the European Commission and Finland's state ICT provider, Valtori.

The compromised data includes:

Full names of government and agency employees
Business email addresses
Work telephone numbers
Mobile device details and metadata
Historical user records and device logs

The number of affected individuals for the Dutch agencies are not disclosed. The Dutch National Cyber Security Center (NCSC) alerted agencies on January 29, 2026, the same day Ivanti released corrective patches.

Dutch Authorities Hit by Ivanti Zero-Day Exploits

Read More
Uttarakhand State Data Center hit by ransomware, disrupts …
Slovakia's Land Registry Office hit by cyberattack, shuts …
Multiple Bangladesh's government systems breached, exposing sensitive information
FBI Servers Compromised in Targeted Breach of Surveillance …
UK Home Office confirms investigation of incident affecting …