Cyber Incident Victim: Stadgenoot

The Stadgenoot cyber incident occurred in February 2021 when attackers compromised the website of the Amsterdam-based housing corporation. Unauthorized actors exfiltrated personal data belonging to approximately 30,000 individuals who had shared information with the organization. The breach involved sensitive details including full names, physical addresses, and email contact information. For a subset of affected parties, the compromise extended to more sensitive records such as vehicle license plate numbers and approximate annual income indicators. Stadgenoot detected the intrusion and formally notified impacted customers via email on February 24, 2021, the same day public reporting emerged about the incident. The corporation's spokesperson confirmed the scope of stolen data categories but did not disclose technical details regarding the attack methodology or intrusion timeline.

Initial reports indicated the breach originated through a compromise of Stadgenoot's third-party web hosting provider rather than direct infiltration of the corporation's internal systems. The theft of financial indicators (annual salary references) and vehicle registration details created heightened privacy risks beyond basic identity exposure. Stadgenoot's disclosure did not specify whether encrypted data was accessed or if attackers obtained credentials facilitating further system access. No information was provided regarding detection methods, containment procedures, or whether law enforcement investigations were initiated. The incident exposed vulnerabilities in supply chain security affecting housing corporations managing sensitive tenant information through external digital platforms.