Shadow Tier cyber intelligence
Back to overview
Confidence MediumMay 22, 2026microsoft.com

Microsoft accused of leaking Dutch civil servants' names to U.S. government

PatternExternal actor · Hacking · Confidentiality impact

Microsoft reportedly shared emails, minutes, and invitations of Dutch civil servants working on implementing the Digital Services Act (DSA) with the U.S. House of Representatives, without redacting their names. This incident raised concerns about data privacy under the U.S. Cloud Act.

Signal date
May 22, 2026
Updated
Jun 24, 2026
Confidence
Medium
Sources
1 source
microsoft.com logo

Microsoft

Sector
Information
Signals
1 linked
Scan this company

Signal context

First seen: May 22, 2026

Last updated: Jun 24, 2026

Status: Public signal

Key points

  • Names of Dutch civil servants leaked.
  • Involved in Digital Services Act (DSA) implementation.
  • Data shared with U.S. House of Representatives.

Signal analysis

Beta

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Microsoft logo
Microsoft

Sector: Information

Likely country: 🇳🇱 Netherlands

inferred from source domains

    Estimated
    Threat source
    Hacking activity

    Watch internet-facing systems, credential abuse and exploit activity.

    • Source type: outside the affected organization
    Business impact
    Potential data exposure

    Impact area: Confidentiality

    Likely asset: Server or cloud data store

    Trend context
    51 signals with similar action pattern
    • 19 signals in the same sector
    • 66 signals with the same likely impact area
    • 1 signal linked to this organization/domain
    Mentioned entities
    MicrosoftSuspected Data ExposureMicrosoftDutchU.SDigital Services ActDSAU.S. House of RepresentativesU.S. Cloud Act. Names ofInvolved

    External sources

    Related signals

    Grouped by why the signal is relevant.

    lastpass.com logoLastpassJun 23, 2026
    Same sectorSame action patternSame impact area

    LastPass confirms data breach in Klue supply chain attack

    LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in a supply chain attack targeting Klue, a third-party market intelligence platform. The unauthorized actor obtained OAuth tokens from Klue, which were then used to access LastPass customer data. Exposed information includes customer names, phone numbers, email addresses, physical addresses, support case information, and sales/CRM-related data. LastPass stated that its core products, services, and infrastructure, including customer vaults, were not affected by this incident. The Icarus extortion group claimed responsibility for the Klue attack.

    snyk.io logoSnykJun 22, 2026
    Same sectorSame action patternSame impact area

    Snyk impacted by Klue supply chain attack

    Snyk, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Snyk's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Snyk stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.

    onetrust.com logoOnetrustJun 22, 2026
    Same sectorSame action patternSame impact area

    OneTrust impacted by Klue supply chain attack

    OneTrust, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from OneTrust's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. OneTrust stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.

    jamf.com logoJamfJun 22, 2026
    Same sectorSame action patternSame impact area

    Jamf impacted by Klue supply chain attack

    Jamf, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Jamf's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Jamf stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.

    huntress.com logoHuntressJun 22, 2026
    Same sectorSame action patternSame impact area

    Huntress impacted by Klue supply chain attack

    Huntress, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Huntress's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Huntress suggested that a threat actor named Icarus might have been responsible for the attack.

    hackerone.com logoHackeroneJun 22, 2026
    Same sectorSame action patternSame impact area

    HackerOne impacted by Klue supply chain attack

    HackerOne, a cybersecurity firm, was among several organizations affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from HackerOne's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. HackerOne stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.