Cyber Incident Victim: NederWoon Rental Housing Agency
Date:
Jan 2017
Location:
Netherlands
Summary
Hackers breached a Dutch rental housing agency, compromising sensitive personal data including identity card scans, names, addresses, contact details, and national identification numbers submitted by prospective tenants. The stolen information enables identity theft risks such as fraudulent financial activities. The company alerted affected clients to potential phishing attempts but could not confirm the total number of impacted individuals. Operating across eight branches and managing approximately 25,000 rental properties, this incident marked the second major cybersecurity breach targeting a housing provider in the same year, following a separate attack compromising data from tens of thousands of registrants at another organization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Between 2017 and 2019, hackers infiltrated the computer systems of Dutch rental housing agency NederWoon, stealing sensitive personal data belonging to individuals seeking housing through the company. The compromised information included scans of identity documents such as passports or ID cards, which contained victims' names, addresses, contact details, and Burger Service Nummer (BSN) personal identification numbers. This data had been uploaded to NederWoon's systems by prospective tenants during their housing applications. The breach exposed victims to significant identity theft risks, as the stolen BSN numbers and identity documents could enable criminals to open fraudulent bank accounts or obtain loans under false pretenses. The attackers successfully exfiltrated hundreds to potentially thousands of records before being detected, though the exact scale remained unconfirmed at the time of disclosure.
NederWoon publicly disclosed the incident on May 23, 2019, notifying affected clients about the breach and advising vigilance against phishing attempts leveraging the stolen data. The company acknowledged uncertainty regarding the total number of impacted individuals across its eight branches in cities including Amsterdam and Utrecht. As an agency managing rental contracts for approximately 25,000 properties, NederWoon's compromised systems contained extensive applicant information accumulated over the two-year intrusion period. This marked the second major Dutch housing agency breach within months, following a March 2019 incident where thieves stole data on 49,000 individuals from Altijd Wonen. The repeated targeting of housing agencies highlighted sector-specific vulnerabilities to cyberattacks seeking personally identifiable information valuable for financial fraud.