Microsoft Accused of Leaking Dutch Civil Servants' Data to US Government
Microsoft has been accused of leaking data belonging to Dutch civil servants, who work for regulatory agencies implementing EU digital regulations, to the US House of Representatives. The leaked data, reported on May 28, 2026, includes emails, minutes, and invitations with unredacted names. This incident is reportedly linked to the US Cloud Act, which requires American tech companies to share data with the US government.
Signal context
First seen: May 28, 2026
Last updated: Jun 25, 2026
Status: Public signal
Key points
- Microsoft allegedly shared data of Dutch civil servants.
- Data included emails, minutes, and invitations with unredacted names.
- Civil servants work on EU Digital Services Act (DSA).
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: 🇳🇱 Netherlands
inferred from source domains
Watch internet-facing systems, credential abuse and exploit activity.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: Server or cloud data store
- 29 signals in the same sector
- 93 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Related signals
Grouped by why the signal is relevant.
AgelessRx Data Breach Exposes Patient Health Information
AgelessRx, a telehealth platform specializing in longevity and anti-aging treatments, disclosed a data breach. An unauthorized actor gained access to certain help-desk tickets within the company's system between April 17 and April 22, 2026. The breach exposed sensitive patient health information, including names, dates of birth, health diagnoses or conditions, medications, and prescription details. The incident was reported to attorneys general on June 24, 2026, and notification letters to affected individuals began on June 23, 2026.
OneTrust Customer Data Exposed in Klue Supply Chain Attack
OneTrust, a privacy, security, and governance technology company, was among the organizations affected by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform.
HackerOne Affected by Klue Supply Chain Attack
Cybersecurity firm HackerOne was among the organizations impacted by the Klue supply chain attack, which involved unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.
Klue Data Breach Leads to Salesforce Customer Data Exposure
Market intelligence platform Klue experienced a data breach, uncovered on June 12, 2026, where attackers stole OAuth tokens used to access customer data from Salesforce. The Icarus group claimed responsibility, leaking business contacts, sales notes, and pricing details from multiple victims. The incident was widely reported on June 24, 2026.
Snyk Affected by Klue Supply Chain Data Breach
Developer security platform Snyk was impacted by the Klue supply chain attack, which led to unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.
Jamf Customer Data Exposed in Klue Supply Chain Attack
Jamf, a provider of Apple device management solutions, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data stored in Salesforce instances, stemming from compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.