Cyber Incident Victim: Nijhuis Bouw B.V.

In February 2025, Nijhuis Bouw B.V., a construction company performing work on housing units for De Goede Woning, experienced a ransomware cyberattack. The attackers compromised the company’s computer systems, potentially exfiltrating personal data including names, addresses, and telephone numbers. Nijhuis Bouw engaged specialists to rapidly and securely restore its systems following the breach. While the company assessed that customer data might not have been stolen, it could not definitively rule out the possibility of data compromise. The attackers communicated a commitment to delete the obtained data and refrain from disseminating it online, facilitated by negotiations conducted through specialized intermediaries. No evidence suggested public release or misuse of the data at the time of De Goede Woning’s public notification on February 1, 2025.

The incident prompted Nijhuis Bouw to advise affected individuals to remain vigilant for potential phishing attempts, fraudulent calls, or emails impersonating legitimate entities. Specific guidance included avoiding clicks on suspicious links and withholding passwords or PIN codes in unsolicited communications. De Goede Woning directed individuals to report suspected fraud to the national Fraudehelpdesk via phone or its official website. Nijhuis Bouw established dedicated contact channels—[email protected] and 088 2041 777—for incident-related inquiries. No operational disruptions to construction projects were disclosed, and the company’s restoration efforts focused solely on system recovery without detailing additional security measures or forensic findings.