European institutions are addressing cyber incidents related to vulnerabilities in Ivanti EPMM. Attackers gained access to employees' work contact information. A security review of MDM is essential.
European public institutions are dealing with a series of cyber incidents in quick succession that are linked to critical vulnerabilities in the Ivanti Endpoint Manager Mobile (EPMM) solution. This platform is used for the centralized management of mobile devices, applications, and security policies within organizations.
The impact has been confirmed by authorities in the Netherlands, Finland, and the European Commission. Attackers are believed to have gained access to employees’ work contact information—namely, names, work email addresses, and phone numbers. According to current information, neither the content of the mobile devices themselves nor communications were compromised.
The Most Significant Impact in Finland
Valtori, Finland’s state-owned ICT service provider, reported that the incident may have affected up to approximately 50,000 public sector employees. The attack was linked to a previously unknown (zero-day) vulnerability in the system.
At the same time, questions arose regarding how historical data was handled—according to available findings, the system did not physically delete data after it was “deleted,” but merely marked it as deleted. Such an approach can significantly expand the scope of potentially affected data, even retroactively.
Critical, High-Risk Vulnerabilities
The vendor has released security updates for two serious vulnerabilities:
- CVE-2026-1281
- CVE-2026-1340
Both vulnerabilities have a CVSS score of 9.8 and allow remote code execution without the need for authentication. According to available information, at least one of them was actively being exploited.
Why is this case significant?
Recent events confirm that:
- mobile device management platforms are among attackers’ strategic targets,
- zero-day vulnerabilities are now a common component of attacks on both government and large corporate infrastructure,
- inadequate data retention and deletion policies can significantly increase the scope of an incident.
Although “only” work contact information was compromised, the coordinated occurrence of incidents across multiple countries demonstrates that the security of MDM/EMM solutions is a critical element of modern IT architecture.
How We Can Help
If your organization uses MDM/EMM solutions or manages a large number of mobile devices, we recommend:
- verify that security patches are up to date (patch management),
- review access rights settings and network segmentation,
- analyze data retention and deletion procedures,
- prepare technical and legal incident response procedures (GDPR, NIS2).
If necessary, we can provide a security audit, a GAP analysis , and the setup of incident response processes.
Today, cyber risks don’t start solely on servers. Often, the entry point is a mobile device that the user carries with them at all times.