Added:
If no hack is published by 31 January 2024 this will resolve to NO.
Added:
Between 6 May 2023 and 31 December 2023 (not retrospective) ...
Hackers break into a Dutch government organization and steal, publish or destroy confidential information. The incident will at least be published on the nos.nl newssite.
DDos does not count.
Hacking devices of a government employee and stealing the data from there does not count.
Personal errors of a government employee, like losing a USB stick does not count.
The "back end" of the government organization must be compromised.
Added:
Administrator error that does not need hacking, like leaving an Amazon bucket open, does not count.
Administrator error, like not applying patches, and then getting hacked, does count.
1,000
3.00🏅 Top traders
| # | Name | Total profit |
|---|---|---|
| 1 | Ṁ159 | |
| 2 | Ṁ71 | |
| 3 | Ṁ54 | |
| 4 | Ṁ48 | |
| 5 | Ṁ41 |
Checked 24 december - 31 december 2023:
If nothing new comes to light in January 2024 the resolution will be NO:
This was a pentest, if it were a real attack it would count:
Brabantse gemeenten hebben beveiliging persoonsgegevens niet op orde - Security.NL
Insider threat, if it was a government it would count:
Erasmus MC onderzoekt ongeoorloofde inzage in dossier slachtoffer schietincident - Security.NL
I have opened a similar question for 2024:
https://manifold.markets/uair01/will-there-be-a-cyberbreach-of-a-du-33f20284342c?r=dWFpcjAx
Checked 11 november - 23 december 2023:
Adjacent but not a government service.
Cyberaanval zorgt voor landelijke storing bij noodknopsysteem ouderen - Security.NL
Adjacent but not a hack:
Gemeente Voorschoten krijgt boete voor bewaren afvalgegevens inwoners - Security.NL
Adjacent but privacy, not hack:
AP houdt toezicht op hersteloperatie UWV na illegale inzet algoritme - Security.NL
Adjacent but privacy, not hack:
Verzamelde gegevens ggz-patiënten na opt-out niet verwijderd - Security.NL
Adjacent, AI and privacy, but not hack:
Kabinet heeft geen zicht op hoog-risico algoritmes gebruikt door Rijksoverheid - Security.NL
Adjacent, privacy and algorithms, not hack:
SP wil opheldering over algoritmes Belastingdienst die niet aan AVG voldoen - Security.NL
Adjacent, but privacy, not hack:
AP: politie heeft wet overtreden met Schengen Informatiesysteem - Security.NL
@dph121 Any government organization. In Dutch jargon: ZBO's, agentschappen, waterschappen, provincies, gemeenten. These all count. But, for example, not hospitals, schools and universities.
@dph121 Good question! I think I'll resolve this way:
If no hack is published by 31 January 2024 this will resolve to NO.
Checked period 13 September to 11 November on security.nl and nos.nl
CEO fraud, not a hack:
Gemeente Alkmaar maakt door ceo-fraude 236.000 euro over aan criminelen - Security.NL
Fraudeur die Alkmaar voor tonnen oplichtte deed zich voor als directeur - Security.NL
Data leak, not a hack:
UWV moet slachtoffer datalek schadevergoeding van 500 euro betalen - Security.NL
Germany, would probably count if it was Dutch:
Duitse gemeenten zonder systemen na ransomware-aanval op it-provider - Security.NL
Checked period 14 July on to 13 september on security.nl and nos.nl
No news of a Dutch government hack by this method, although claims that some governments were hacked:
Privacy concern, leak, not a hack:
https://www.security.nl/posting/805317/Politie+maakt+zonder+wettelijke+basis+gebruik+van+webcrawlers
Insider threat, leak, not hack:
Fraud and document countefeting, not hack:
Historic infiltration and espionage, not hack:
Governent hack, but too long ago:
https://nos.nl/artikel/2474876-gemeente-hof-van-twente-moet-miljoenenschade-na-hack-zelf-betalen
Funny hack, but not overnment:
Checked period 23 June to 14 July on security.nl and nos.nl:
Leak, does not count
Leak, does not count
Leak, does not count
https://nos.nl/artikel/2472027-na-aivd-wijst-ook-mivd-op-chinese-spionagepraktijken
No attacks on government organizations
Does not count: library:
https://www.security.nl/posting/798654/Bibliotheek+Gouda+getroffen+door+ransomware-aanval
I propose not to let this count because it did not compromise the back end and it happened in 2022:
@Stralor I don't think it's that bad. If a government employee loses a USB stick or makes an error that makes a hack of the back end possible, it will count.
Getting phished and giving a hacker access to an internal share, will count.
I just want to exclude cases like: employee loses unencrypted USB stick.
This would also be an edge case that I would count as YES:
This would be an edge case. I would consider it as YES:
https://nos.nl/artikel/2447439-gegevens-van-toegangspassen-tweede-kamerleden-gelekt-door-hack