Belgian State Security and Organizations Targeted by Cyberattacks

Between May 2025 and Spring 2026, the Belgian State Security experienced a data breach exposing employee information, attributed to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Hackers exploited flaws allowing access to names, phone numbers, and GPS locations without breaching the internal network. Meanwhile, a large-scale Russian cyberattack in February 2026 affected at least 270 organizations, including schools and law firms, using backdoors in Fortinet antivirus software. This attack has compromised over 110 million accounts, and its consequences are still ongoing. The Belgian Cybersecurity Center has been notified, and organizations are advised to enhance security measures. The situation highlights significant vulnerabilities in widely used security tools.

Key Points: • Belgian State Security data breach involved employee data exposure via Ivanti EPMM vulnerabilities. • Russian cyberattack in February 2026 impacted 270 organizations, using Fortinet software backdoors. • Over 110 million accounts compromised, with ongoing consequences and no resolution yet.