Cyber Incident Victim: WMD Drinkwater

On May 17, 2024, AddComm—a vendor contracted by Dutch utility company WMD to handle customer communications such as invoices, welcome letters, and account statements—experienced a ransomware attack. AddComm detected the intrusion that afternoon and promptly notified WMD. The breach resulted in unauthorized access to WMD customer data processed by AddComm, though the specific compromised data elements remained undefined. AddComm assured WMD that immediate containment actions secured the data and minimized misuse risks, characterizing the likelihood of exploitation as "very small." WMD reported the incident to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) on May 19 as a precautionary measure, despite no evidence of WMD’s own systems being compromised. The attack temporarily disrupted AddComm’s ability to send WMD customer communications via mail and email, though services resumed shortly after the vendor secured its systems.

The incident necessitated customer alerts regarding potential phishing risks stemming from the data exposure. WMD advised vigilance against unsolicited emails, SMS messages, or calls requesting personal information—even those appearing to originate from WMD—and provided specific verification protocols, including direct contact with its customer service team at 0592-854550 for suspicious communications. While WMD emphasized its contractual security requirements with AddComm, it acknowledged that attackers circumvented the vendor’s "highly advanced" defenses. No operational disruptions occurred within WMD’s internal infrastructure, and delayed confirmation emails were the only residual service impact noted for customers who had recently submitted account changes. The company directed customers to its privacy policy webpage and FAQ section for additional context on data handling practices and the incident’s scope.