Cyber Incident Victim: Zuid-Holland
Date: Mar 2024
Location: Netherlands
Summary
A cyberattack targeting two Dutch municipalities was successfully thwarted after a traffic spike prompted immediate system shutdowns. The incident disrupted remote work for municipal employees, though on-site operations and resident-facing services remained unaffected, with normal functionality largely restored within days. Authorities activated a crisis team, engaged national cybersecurity agencies and law enforcement, and implemented enhanced security measures including network monitoring and restricted foreign application access. Investigations into whether the attack was targeted are ongoing, with financial consequences still undetermined.
Description
On March 29, 2024, shortly before the Easter weekend, a cyberattack targeted the shared ICT infrastructure of the municipalities of Voorschoten and Wassenaar in the Netherlands. At the end of the morning, administrators detected a significant spike in system load, triggering an immediate shutdown of affected systems to contain the threat. This decisive action successfully repelled the attack before operational disruption could escalate. The municipal councils were formally notified via a letter from the executive board confirming these events. A crisis team was rapidly activated following the detection, with authorities engaging both the Association of Netherlands Municipalities' Information Security Service (IBD) and the National Cybersecurity Center (NCSC) for technical support. On the NCSC's recommendation, law enforcement agencies were also notified to initiate investigative procedures.

The primary operational impact was that municipal employees were restricted to on-site work at town hall facilities, as remote access systems were unavailable during the incident. Critical citizen-facing services remained fully functional throughout the attack, with residents experiencing no disruption to municipal operations. ICT personnel worked continuously through the weekend to restore systems, achieving near-normal functionality by April 2. Although the two municipalities had dissolved their joint administrative organization years prior, they still shared ICT infrastructure, which amplified the attack's scope. Post-incident forensic analysis by relevant authorities remains ongoing to determine whether the attack was specifically targeted. Municipal officials implemented immediate security enhancements across multiple points of vulnerability, intensified network monitoring protocols, and restricted foreign-based application access to reinforce system integrity. Financial repercussions from the incident had not been quantified as of the last reporting.
