The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year.
The suspect was arrested in Buren and, according to a Tuesday press release, he is believed to have hacked into the football club’s systems multiple times.
“On the morning of Tuesday, May 26, the police arrested a 35-year-old man from the municipality of Buren for computer trespassing at the Amsterdam football club Ajax. The man is suspected of deliberately unlawful intrusion into Ajax’s computer systems several times,” the police said.
“In early 2026, Ajax was confronted with the computer trespass after the suspect granted himself access to the football club’s computer systems. After the police were informed, the criminal investigation department started an investigation in which the suspect from the municipality of Buren came into the picture.”
AFC Ajax disclosed the incident in late March, saying that the attacker exploited vulnerabilities in its IT systems to access data belonging to a few hundred individuals.
The vulnerability also allowed modifying stadium bans imposed on fewer than 20 individuals and transferring purchased tickets to others.
According to an RTL report, the same security flaw also enabled broad access to fan data via APIs and shared keys, with the hacker demonstrating how they could reassign a VIP season ticket in seconds.
Most worryingly, they also demonstrated how they could manipulate 538 supporter stadium bans, 42,000 season tickets, and view details on more than 300,000 accounts.
The Dutch football club has since patched vulnerabilities exploited in the attack and has notified the Dutch Data Protection Authority and the police of the incident.
In September 2025, the Dutch National Police also arrested two teenage boys suspected of spying for Russia using a WiFi sniffer device near Europol and Eurojust offices, as well as the Canadian embassy.
More recently, financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
Click Here For The Original Source.
