The province of Overijssel has temporarily disabled webmail for members of the Provincial Council (PS) and employees of the province. That happened after a successful phishing attack, reports the province.

A hacker received login details in the hands of an employee from the province of Overijssel in June. The webmail account was then used to send more phishing emails to employees.

The province says it has reported to the police and reported the leak to the Dutch Data Protection Authority. An external forensic investigation firm concluded that it is "unlikely" that sensitive (personal) data has been captured.

The hacker would not have had access to the province's network. The webmail is now temporarily unavailable for members and employees, because security measures are being implemented. According to the province, PS members and employees can use alternatives.

In the case of a phishing attack, for example, a victim is sent to a login page that seems legitimate but is not. Entered data such as an account name and password are then sent to the attacker.