Cyber Incident Victim: Judicial Council

In February 2026, the European Commission, the Dutch Data Protection Authority, and the Judicial Council publicly confirmed that they had been compromised in a cyberattack. The attackers exploited critical zero‑day vulnerabilities in Ivanti Endpoint Manager Mobile to gain access to the networks of these organizations. The confirmation came as part of a broader disclosure that also involved the European Commission and the Dutch Data Protection Authority. The vulnerability allowed unauthorized code execution on managed mobile devices, providing a foothold for further intrusion. The incident was identified during routine security monitoring that flagged anomalous activity linked to the Ivanti platform. Upon detection, the affected entities initiated internal investigations to determine the scope of the breach. The Judicial Council, together with the other two bodies, issued statements acknowledging the compromise. The statements did not attribute the attack to any specific threat actor or group. The disclosure emphasized that the breach originated from the same Ivanti zero‑day flaw across the three organizations. The timeline placed the exploitation in the same month as other notable Ivanti‑related incidents reported globally.

In the Dutch incident, which included the Judicial Council’s systems, the attackers accessed work‑related data such as names, email addresses, and phone numbers stored on the compromised devices. The European Commission reported that it succeeded in containing its portion of the breach within nine hours of initial detection, limiting further data exfiltration. While the Commission’s containment timeframe was disclosed, no equivalent containment duration was provided for the Judicial Council or the Dutch Data Protection Authority in the public statements. The accessed personal data elements were described as limited to contact information and did not include more sensitive categories such as financial details or classified documents. The Judicial Council confirmed that the breach had been identified and that remedial actions were underway, though specifics of those actions were not detailed in the source material. The incident highlighted the risk posed by unpatched zero‑day vulnerabilities in widely used mobile‑management solutions. No further public updates on the Judicial Council’s recovery or any potential misuse of the exfiltrated data were included in the available reports.