NCTV leak continues: minister cannot fully assess damage

In February 2024, it was revealed that a 64-year-old NCTV employee, Ab el M., had been found with 928 secret documents. These included material from the AIVD and MIVD. The man was detained at Schiphol Airport in late October 2023 when he wanted to travel to Morocco. According to the Openbaar Ministerie 's Office, he had been in contact with Moroccan intelligence officials for years and allegedly collected and possibly leaked state secrets.

At his home were nearly 800 documents, 312 of which were classified as "state secrets." He also had more than 100 digital documents with him during his arrest at Schiphol Airport. The prosecution is still investigating some 46 terabytes of data carriers; a huge amount, comparable to 11.5 billion A4 sheets.

Motions

In response to the scandal, the House of Representatives passed two motions in April 2025:

1. A full damage and impact analysis: what information might have been leaked and what does it mean for the Netherlands?
2. A study of data security within the Surveillance and Security System, which the NCTV uses for personal security.

Full damage analysis remains impossible

In his letter, the minister writes that it simply cannot be determined with certainty which documents were actually leaked. As a result, a full damage analysis, as requested by the House, can never be made.

However, both the police and the NCTV did examine all the documents they did have at their disposal. In doing so, the police worked from a "worst-case scenario" and have already taken measures to mitigate risks to employees and investigations.
The NCTV is currently conducting its own damage investigation, for which it has requested access to the seized documents through the prosecution.

Securing state secret systems

The minister reports that the system handling state secret information for personal security has now been re-evaluated and accredited on Oct. 21, 2025 for the duration of one year.
All processes are governed by the strict rules of the VIR-BI and the Government Information Security Baseline (BIO).

Stricter rules on USB sticks and printing behavior

Following the intervention of the ADR (Audit Department Rijk), missing or poorly recorded USB sticks at the NCTV were also looked into. The records have since been tightened:

• Old USB sticks can no longer be connected to the state secret network.
• Employees must request permission to use data carriers.
• Employees are actively approached to turn in old USB sticks.

In addition, print permissions are restricted, records are kept of who prints what, and log files are actively monitored.

New cultural approach

In addition to technical measures, there will also be a broader insider-threat program, focused on awareness, behavior and recognizing signs of possible abuse. The minister emphasizes that measures alone are not enough: culture and alertness within the organization must also be considered.

Van Oosten writes that both the police and the NCTV have taken "important steps" to prevent a recurrence. The House will be further briefed later, to the extent possible without sharing confidential information.