Nearly All Epe Residents’ Data Stolen in March 12 ClickFix Breach Exposing 552,000 Files

### Context

On March 12, a significant data breach impacted the municipality of Epe, leading to the theft of personal information for a vast majority of its residents. The incident highlights the persistent threat of social engineering tactics targeting public sector entities and their constituents. The municipality confirmed the breach following an internal investigation.

### Key Facts

The attack vector, termed 'ClickFix,' involved attackers presenting victims with fake error messages. These messages then tricked users into clicking malicious links, granting the perpetrators unauthorized access to municipal systems. This method bypasses traditional perimeter defenses by exploiting human trust and urgency, a common characteristic of phishing attempts.

Investigators determined the breach compromised 552,000 files. Stolen data included sensitive details such as names, addresses, birth information, and gender. For individuals who had requested municipal services, additional information like contact details, bank accounts, and copies of identification documents were also exposed. Fortunately, login credentials for DigiD, a digital identification system, were not affected as the municipality does not store them.

In response, the municipality promptly reported the incident to both local police and the Dutch Data Protection Authority. Municipal staff passwords have been reset, and additional security measures are being implemented to prevent future incursions. The municipality is also actively monitoring for any public release of the stolen data.

### What It Means

This incident underscores the critical need for robust defense strategies against social engineering. Organizations should prioritize comprehensive employee training to recognize and report phishing attempts and fake error messages, linking to MITRE ATT&CK technique T1566 (Phishing). Implementing multi-factor authentication (MFA) across all systems can significantly reduce the impact of compromised credentials. Deploying advanced Endpoint Detection and Response (EDR) solutions offers crucial visibility into system activities and can help detect and contain unauthorized access quickly.

Affected residents should remain vigilant for signs of identity theft, phishing attempts, and other suspicious communications. The ongoing investigation and monitoring for data publication will reveal the full extent of this breach's long-term impact on Epe residents and municipal security protocols.