### Arrest in Buren The suspect was arrested in Buren, Netherlands. According to a press release, the individual is believed to have infiltrated the football club's systems on multiple occasions. "On the morning of Tuesday, May 26, the police arrested a 35-year-old man from the municipality of Buren for computer trespassing at the Amsterdam football club **Ajax**. The man is suspected of deliberately unlawful intrusion into **Ajax's** computer systems several times," the police stated. ### Details of the Breach **AFC Ajax** disclosed the incident in late March, revealing that the attacker exploited vulnerabilities in their IT infrastructure. This access granted the perpetrator the ability to access data belonging to a few hundred individuals. Further, the vulnerability allowed for the modification of stadium bans imposed on fewer than 20 individuals and the unauthorized transfer of purchased tickets. According to a report, the security flaw granted broad access to fan data via APIs and shared keys. The hacker demonstrated the ability to reassign a VIP season ticket within seconds. ### Impact and Remediation Most concerningly, the attacker showcased the potential to manipulate 538 supporter stadium bans, 42,000 season tickets, and view details on over 300,000 accounts. The Dutch football club has since patched the exploited vulnerabilities and notified the Dutch Data Protection Authority and the police regarding the incident. ### Recent Dutch Cybercrime Enforcement In September 2025, the Dutch National Police arrested two teenage boys suspected of spying for Russia using a WiFi sniffer device near **Europol** and **Eurojust** offices, as well as the Canadian embassy. More recently, financial crime investigators in the Netherlands (**FIOD**) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns.  ## The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6 surfaces you actually need to validate. [Download Now](https://hubs.li/Q048zztN0)