A critical data breach has been exposed, affecting multiple European organizations and potentially thousands of employees. The Dutch Data Protection Authority (AP) and the Council for the Judiciary have confirmed a cyber attack on their systems that leveraged a zero-day exploit in Ivanti's Endpoint Manager Mobile (EPMM). This revelation raises concerns about the security of sensitive employee data.
But here's where it gets controversial: the attack was not an isolated incident. The European Commission also reported traces of a similar breach, potentially exposing names and mobile numbers of its staff. That is not all: Finland's Valtori disclosed a breach affecting up to 50,000 government employees, in which attackers targeted a zero-day vulnerability in its mobile device management service.
The Ivanti EPMM vulnerabilities, CVE-2026-1281 and CVE-2026-1340, were exploited to gain unauthorized access to work-related data, including names, email addresses, and phone numbers. Ivanti confirmed the zero-day exploitation but remained vague about the extent of the impact, stating only that a 'very limited number of customers' were affected.
The question arises: how limited is 'very limited'?
The investigation revealed a concerning data retention issue. The management system failed to permanently delete data, leaving it accessible even after removal. This means the breach could have far-reaching consequences, impacting all organizations that used the service and potentially exposing multiple users per device.
Security experts warn that these attacks are not random but rather the work of skilled and well-equipped threat actors. Benjamin Harris, CEO of watchTowr, emphasizes the need for heightened vigilance: 'Attackers are targeting trusted enterprise systems. What was once considered internal and safe should now be treated with caution.'
The speed of response is crucial in mitigating such attacks. Harris adds, 'Resilience and rapid action are key. Quick identification and containment of vulnerabilities can prevent minor issues from escalating into major crises.'
As the investigation unfolds, the true extent of the damage remains to be seen. Are these isolated incidents or part of a larger, coordinated campaign? The debate is open, and the implications for data security are significant. Stay tuned for further updates on this evolving story.