Information about the data breach at gemeente Epe

Since 14 March 2026, we have shared information about the data breach on our website. We have now done careful research and know more about the stolen data. On this page we explain what we know, what it means for you, what you can do, and what we are doing for you.

The research shows that the following data was likely stolen from all residents of the Municipality of Epe:

• Name
• Address
• Gender
• Date of birth
• Place and country of birth
• Citizen service number (BSN)

Good to know: the municipality does not have DigiD usernames and passwords of residents. Your DigiD is safe.

For some residents, other data was also stolen. This is because they applied for a municipal service or submitted an objection. This may include contact details, bank account numbers, or copies of identity documents.

To be clear: the municipality does not keep general lists with phone numbers, email addresses, and bank account numbers of all residents.

A copy of a Dutch national identity card, passport, or driving licence increases the risk of identity fraud. We have therefore investigated which residents have a copy of a valid identity document in the stolen files.

Residents whose copy was found have received a separate letter. In that letter we explain how they can have this document replaced for free. This reduces the risk of fraud.

Around 552,000 files were stolen. Because there are so many files, we currently cannot tell exactly whose data is in each file. Based on the advice of experts, we unfortunately do not expect to get more information from further research. The advice we give you in 'What can you do?' does not change because of this.

Data breaches can lead to spam or fake messages. To send these kinds of fake messages, criminals need an email address or phone number. Because the municipality does not keep lists of these, most residents' contact details were not stolen. However, these kinds of details may be in individual files, for example in an application or an objection. Criminals may also combine data from this breach with data they stole elsewhere. We therefore advise you to be alert to suspicious situations.

Watch out for situations such as:

• a letter, phone call, or message from someone who pretends to be an official organisation
• messages that ask for extra information or money
• situations where someone shows that they know your personal details
• are you unsure about a suspicious situation that may be related to this data breach? Please contact the municipality. We will be happy to look into it with you.

The municipality took immediate action:

• all passwords of our employees have been changed as a precaution
• our computer systems have been given extra security and are being monitored continuously
• we have reported this data breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
• we have reported the theft to the police
• together with the police, the Information Security Service for Municipalities (IBD), and specialist research companies, we are monitoring whether anything is being done with the data. So far, the files have not been made public.

• Would you like more information about this incident? Visit www.epe.nl/datalek.
• Would you like to know how to protect yourself against fraud? Visit www.fraudehelpdesk.nl and www.veiliginternetten.nl.

Call us on 14 0578 or send an email to datalek@epe.nl. You can also contact our Data Protection Officer directly at FG@epe.nl.