On March 19, 2026, the Dutch Ministry of Finance confirmed unauthorized access to internal systems in its policy department, detected through a third-party notification rather than internal controls. Tax collection, customs, and subsidy systems serving approximately 9.5 million citizens are unaffected. Data exfiltration has not been confirmed or ruled out; the investigation is ongoing, attribution is unknown, and the full scope of employee data exposure has not been disclosed.