Belgium’s Spy Agency Hacked: Personal Data Of Agents Compromised - 1

Image by Mika Baumeister, from Unsplash

Belgium’s Spy Agency Hacked: Personal Data Of Agents Compromised

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Belgian authorities have launched an investigation into a cyberattack that compromised the country’s intelligence agency, the State Security Service (VSSE), as first reported by Le Soir .

In a Rush? Here are the Quick Facts!

  • The breach exploited a vulnerability in U.S. cybersecurity firm Barracuda’s email system.
  • 10% of VSSE’s emails were intercepted, exposing staff and government communications.
  • Classified data was safe, but nearly half of VSSE’s staff had personal data compromised.

The breach, described as the most severe in the agency’s history, allegedly involved a Chinese espionage group exploiting vulnerabilities in U.S. cybersecurity firm Barracuda’s software.

The Federal Prosecutor’s Office confirmed Wednesday that it received a formal complaint from VSSE over the cyberattack, which reportedly spanned from 2021 to 2023, according to Reuters .

According to Le Soir, the hackers accessed the agency’s external email server, intercepting approximately 10% of VSSE’s incoming and outgoing emails.

The hackers are believed to have obtained correspondence with law enforcement agencies, government ministries, and other institutions. While classified data remained secure, personal information belonging to nearly half of VSSE’s staff may have been compromised.

“We thought we had bought a bulletproof vest, only to find a gaping hole in it,” an intelligence source told Le Soir.

The Brussels Times (BT) explains that the attack targeted a security flaw in Barracuda’s Email Security Gateway Appliance, a firewall designed to protect email communications.

Barracuda disclosed the vulnerability in 2023, warning that state-backed hacking groups had exploited it. The VSSE and the Belgian Pipeline Organisation, which oversees North Sea pipelines, were among the affected entities.

Politico notes that cybersecurity researchers from Google’s Mandiant division previously linked the attack to a Chinese cyberespionage group. The Chinese embassy in Belgium did not immediately respond to requests for comment.

The breach’s timing was particularly concerning, as it occurred during a recruitment drive to expand VSSE’s workforce. Many of the agency’s new hires—some still undergoing security clearance—may have had their personal data compromised, as detailed by BT.

Following an internal audit, VSSE filed an official complaint in November 2023. The Federal Prosecutor’s Office has since launched a judicial investigation but has not disclosed any preliminary findings. Prosecutors said it was too early to disclose findings as the investigation remains ongoing, reported Reuters.

The case has also been referred to Belgium’s intelligence oversight body, the R Committee. Chair Vanessa Samain confirmed that VSSE reported the breach in June 2023, but the committee’s findings remain classified, says BT.

Intelligence sources indicate that in response to the breach, VSSE has ended its use of Barracuda products and advised affected staff to renew identity documents to prevent fraud.

Despite concerns that stolen data could be sold on the dark web, no evidence of such activity has surfaced. Officials remain uncertain whether VSSE was the primary target or if it was caught in a larger espionage campaign.

A Disney Worker Downloaded An AI Tool That Led To A Costly Cyberattack - 2

Image by Joe Penniston, from Flickr

A Disney Worker Downloaded An AI Tool That Led To A Costly Cyberattack

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A simple software download turned into a nightmare for Matthew Van Andel, a former Disney employee. A cyberattack stole his personal information, and ultimately cost him his job, as first reported by The Wall Street Journal (WSJ).

In a Rush? Here are the Quick Facts!

  • Van Andel downloaded AI software with hidden malware, compromising his passwords and credentials.
  • The hacker used stolen session cookies to access and leak 44 million Disney messages.
  • Sensitive Disney data, including employee and customer details, was exposed in the breach.

Van Andel unknowingly invited the hacker into his system last February when he downloaded AI image-generation software from GitHub. Hidden within the program was an infostealer, malware designed to extract login credentials and other sensitive data, as reported by WSJ.

GitHub, a widely used platform for sharing code, has recently also been exploited by cybercriminals through fake repositories that spread malware worldwide . Attackers use AI-generated documentation and frequent updates to make these malicious projects appear legitimate, tricking developers into downloading harmful software.

Over the following months, the attacker gained access to Van Andel’s password manager, 1Password, as well as session cookies—digital tokens that bypass login credentials for online accounts.

This granted the hacker unauthorized entry into Disney’s Slack workspace, where millions of messages, internal documents, and even private employee and customer information were stored.

WSJ reports that Van Andel remained unaware of the breach until July 11, when he received a cryptic message on Discord referencing a conversation he had in Disney’s Slack channel. Soon after, his credentials were used to leak 44 million messages online, exposing Disney’s internal communications and financial data.

The fallout was swift. Disney launched a cybersecurity investigation, confirming the exposure of confidential customer details, employee passport numbers, and revenue figures from its streaming and theme park divisions. The company later announced plans to phase out Slack as a collaboration tool, reports WSJ.

For Van Andel, the attack didn’t stop at work. The hacker stole his credit card information, leaked his Social Security number, and even published credentials that could access security cameras in his home. “It’s impossible to convey the sense of violation,” said Van Andel, as reported by WSJ.

His digital accounts were hijacked, his children’s Roblox profiles were compromised, and strangers flooded his social media with offensive messages. The hacker, initially claiming to be from a Russia-based hacktivist group, later turned out to be an individual operating under the alias “Nullbulge.”

Days after the breach, Disney terminated Van Andel’s employment, citing forensic evidence of inappropriate material on his company-issued laptop—an allegation he denies.

“Mr. Van Andel’s claim that he did not engage in the misconduct that led to his termination is firmly refuted by the company’s review of his company-issued device,” a Disney spokesperson stated.

Van Andel has since filed a legal claim against Disney, seeking compensation for lost wages and damages. Meanwhile, he continues to battle the lingering effects of the cyberattack, as stolen credentials linked to his accounts remain active in underground markets.