Cyber attack forces Dutch Finance Ministry to suspend Treasury banking services

The Netherlands’ Ministry of Finance said a major cyber attack forced it to temporarily take its systems offline and suspend Treasury banking services, preventing over 1,600 public institutions from checking their balances, accessing loans or generating reports.

 

The Ministry of Finance first announced the cyber attack on March 23, stating that its information technology staff detected unauthorised access to the ministry’s systems on March 19. Upon discovering the incident, the Ministry launched an investigation which determined that the incident’s impact was limited to a number of primary processes within the policy department.

 

"Services to citizens and businesses provided by the Tax and Customs Administration, Customs, and Benefits have not been affected," the Ministry said. "We will update this message when we can share more information."

 

The Ministry shared a lengthy update about the cyber security incident in a letter addressed to the President of the House of Representatives on Sunday, stating that it had to take its systems temporarily offline on March 23 as a result of "new insights that came to light during the investigation."

 

Finance Minister Eelcon Heinen said the systems were taken offline for security reasons and to ensure that the forensic investigation continued unimpeded. In the meantime, Ministry staff are resorting to manual workarounds wherever possible to minimise the consequences of the cyber incident to its operations.

 

Though the systems shutdown did not impact services provided by the Tax and Customs Administration and the Benefits Administration, it rendered the digital portal for Treasury Banking offline, which meant that as many as 1,600 public institutions, including ministries, agencies, public bodies with statutory duties, educational institutions, social funds, and decentralized government authorities, could not perform certain banking services.

 

"Participants are temporarily unable to use the portal to request loans, deposits, or credit facilities, modify their intraday limits, or generate reports," Heinen said. "It is important to note that participants do retain full access to their funds held in the Treasury, and that incoming and outgoing payments continue to be processed as usual through standard banking channels. Where necessary, essential services are being maintained manually to ensure that critical processes remain operational."

 

Heinen said the Ministry cannot state for certain for how long it may need to keep its systems offline, but has implemented enhanced monitoring and security measures across all affected systems. The Ministry continues to investigate the incident with help from the National Cyber Security Centre and forensic experts and has filed a formal report with the police’s High Tech Crime team.

 

"You may rest assured that all parties involved are working around the clock to resolve this incident," Heinen added.