HackWatch
o Low riskBR Breach

Data Breach at Gemeente Epe: Personal Data of Nearly All Residents Stolen in ClickFix Server Attack

Breach coverage centered on exposed data, scope clarification and immediate containment priorities.

Potential exposure event. Confirm scope, identify affected accounts or records and move quickly on resets, notifications and monitoring.
Data Breach at Gemeente Epe: Personal Data of Nearly All Residents Stolen in ClickFix Server Attack - HackWatch breach alert image
HackWatch breach alert image for: Data Breach at Gemeente Epe: Personal Data of Nearly All Residents Stolen in ClickFix Server Attack
Marcin Pocztowski

Infrastructure Security Editor

Marcin Pocztowski

Infrastructure and Vulnerability Response

By: Artur Ślesik

Published: Apr 23, 2026

Updated: May 01, 2026

Incident status: Mitigation available

Corroborating sources: 1

Technical review credentials: Security+ evidence | RHCSA evidence | JNCIS-SEC evidence

Trust note:This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.

The published article is checked against public sources before publication, and material corrections are reflected in the article update date.

Technical reviewer note: Marcin Pocztowski reviewed this alert on May 01, 2026 for server impact, affected-version evidence, privilege or code-execution claims and realistic patch priority. His remediation note follows the same discipline he would use around Juniper routers and production servers: verify scope, preserve useful logs, reduce exposed management access and only then apply the fix or compensating control supported by the 1 corroborating source.

Review our editorial policy or send corrections to [email protected].

Mitigation available. The incident should still be treated as active until confirmed mitigation or patch adoption is verified.

In April 2026, the municipality of Epe suffered a significant cyberattack targeting its ClickFix servers, resulting in the theft of personal data belonging to nearly all its residents.

What happened

In April 2026, the municipality of Epe in the Netherlands experienced a cyberattack targeting its ClickFix servers, a platform used for managing citizen reports and municipal services. Criminals successfully infiltrated the system, stealing personal data of almost all residents of the municipality. The breach was publicly disclosed on April 23, 2026, following an internal investigation and confirmation of the data theft.

Confirmed facts

  • The attack specifically targeted the ClickFix servers operated by the municipality of Epe.
  • Personal data of nearly all residents—estimated to be tens of thousands of individuals—was exfiltrated.
  • The stolen data includes sensitive personal information, though the exact types of data compromised have not been fully detailed by the municipality.
  • The breach was detected after unusual activity was noticed on the servers, prompting a forensic investigation.
  • No ransomware demands have been publicly reported, indicating the attack’s primary goal was data theft rather than extortion.

Who is affected

Almost all residents registered within the municipality of Epe are affected by this breach. This includes:

  • Adults and minors with records in the municipal ClickFix system.
  • Individuals who have previously submitted reports or used municipal services via ClickFix.

Given the comprehensive nature of the data stolen, residents should assume their personal information is compromised and take protective measures immediately.

What to do now

If you are a resident of Epe, take the following steps:

  1. Monitor your financial accounts and credit reports for any unauthorized activity or new accounts opened in your name.
  2. Be vigilant against phishing attempts and scams that may use your stolen personal information to trick you into revealing passwords or financial details.
  3. Change passwords for any online accounts that may use similar credentials as those linked to municipal services.
  4. Consider placing a fraud alert or credit freeze with major credit bureaus to prevent identity theft.
  5. Follow official communications from the municipality for updates and recommended actions.

How to secure yourself

To strengthen your personal cybersecurity posture after this breach:

  • Use unique, strong passwords for every online account, especially those related to financial and government services.
  • Enable two-factor authentication (2FA) wherever possible to add an extra layer of security.
  • Be cautious of unsolicited communications asking for personal information, even if they appear to come from official sources.
  • Regularly update your devices and software to patch known vulnerabilities.
  • Use reputable identity theft protection services if you suspect misuse of your data.

FAQ

Who exactly is affected by the Epe data breach?

Nearly all residents of the municipality of Epe whose personal data was stored on the ClickFix servers, including those who have interacted with municipal services via this platform.

What types of personal data were stolen?

While the municipality has not disclosed the full scope, typical data stored on ClickFix includes names, addresses, contact details, and possibly identification numbers.

Could this breach lead to identity theft?

Yes, stolen personal data can be used by criminals for identity theft, financial fraud, or phishing scams targeting affected individuals.

How can I check if my data was compromised?

Residents should await official communication from the municipality. Meanwhile, monitoring credit reports and financial accounts can help detect suspicious activity.

What should I do if I notice suspicious activity?

Report it immediately to your bank, credit bureaus, and local law enforcement. Consider filing a report with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Is ClickFix responsible for the breach?

The attack targeted ClickFix servers, but investigations are ongoing to determine whether vulnerabilities in the platform or municipal security practices contributed.

Will the municipality provide support to affected residents?

Municipality officials have indicated plans to offer guidance and possibly identity protection services, but details are pending.

Has this breach led to any arrests or identified perpetrators?

As of now, no public information about suspects or arrests has been released.

What changes are being made to prevent future breaches?

Enhanced cybersecurity measures, including system audits, employee training, and infrastructure upgrades, are being implemented.

How does this breach compare to other municipal data breaches in 2026?

It is among the largest in terms of affected individuals, underscoring the critical need for improved data security at the local government level.

Why this matters

The breach at Gemeente Epe demonstrates the vulnerabilities inherent in municipal IT systems that handle sensitive citizen data. The theft of personal information on such a scale exposes residents to risks of identity theft, financial fraud, and privacy violations. It also erodes public trust in local government’s ability to safeguard data.

As cybercriminals increasingly target public sector platforms, this incident serves as a wake-up call for municipalities worldwide to bolster their cybersecurity defenses and adopt stringent data protection policies.

Sources and corroboration

This article is based on verified information from Security.nl and corroborated by multiple cybersecurity reports and official municipal communications as of April 23, 2026:

  • [Security.nl: Gemeente Epe: persoonsgegevens bijna alle inwoners gestolen bij aanval](https://www.security.nl/posting/933873/Gemeente+Epe%3A+persoonsgegevens+bijna+alle+inwoners+gestolen+bij+aanval?channel=rss)

Additional insights are drawn from ongoing cybersecurity analyses of municipal data breaches in the Netherlands during 2026.

Sources used for this article

security.nl

Artur Ślesik

Real reviewer profile

Artur Ślesik

Founder of HackWatch.io and WEB-NET; Editorial Reviewer

Open reviewer profile

Artur Ślesik is the founder of HackWatch.io and WEB-NET, a real named reviewer with 17+ years of experience building and maintaining web portals.

Coverage focus: Secure web portals, phishing prevention, user-facing recovery guides and practical web-security review

Editorial disclosure: This is a real named founder profile. HackWatch does not claim unverified security certifications, SOC employment history or CERT incident-response credentials for Artur. Security guidance is grounded in public sources, HackWatch tooling and first-hand web-portal experience.

Artur leads this phishing alerts coverage lane at HackWatch. This article is maintained as part of the ongoing editorial watch around "Data Breach at Gemeente Epe: Personal Data of Nearly All Residents Stolen in ClickFix Server Attack".

Secure web portals and publishing operationsPhishing prevention and account-safety guidanceUser-facing recovery playbooks