Cyber Incident Victim: Vattenfall Nederland
Date:
May 2024
Location:
Netherlands
Summary
Vattenfall Nederland notified customers of a potential data breach stemming from a ransomware attack on AddComm, a third-party provider handling postal communications for the company. While the specific data impacted remains under investigation, Vattenfall acknowledged the possibility of customer information exposure and advised vigilance against phishing and phone scams. The company suspended data connections with AddComm and engaged in discussions to clarify the scope, pledging direct communication to affected individuals if their data is confirmed compromised. This incident also impacted other organizations utilizing AddComm's services for customer correspondence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 17, 2024, Dutch energy suppliers Essent and Vattenfall Nederland issued warnings to customers regarding a data breach at AddComm, a third-party service provider responsible for managing their postal communications. AddComm had recently experienced a ransomware attack, prompting both companies to publish advisories on their websites. Vattenfall stated that the full scope of compromised data remained unclear, including whether its customer information was affected, as AddComm’s investigation was ongoing. The company advised customers to remain vigilant against potential phishing attempts or phone scams stemming from the incident. Vattenfall emphasized it was in contact with AddComm to expedite clarity on the nature of the exposed data and committed to directly notifying affected customers if their information was involved. Essent confirmed AddComm’s role in handling physical mail for customers who opted out of digital communications, clarifying that no evidence indicated data had been published or sold by attackers at the time of disclosure.
In response to the breach, Essent implemented immediate containment measures, including the temporary suspension of data connections with AddComm, and notified relevant authorities. Both energy suppliers underscored that AddComm processes sensitive customer data—such as tax notices, invoices, and payment reminders—on behalf of approximately sixty municipalities and commercial entities, amplifying potential risks across multiple sectors. Essent specified that only customers receiving physical mail required monitoring, though neither provider confirmed direct data exposure. Vattenfall expressed concern over the incident despite its external origin, reiterating its commitment to transparency with customers. AddComm’s investigation continued to determine the precise data impacted, while affected organizations maintained a posture of precautionary alerts pending further findings. The incident highlighted supply chain vulnerabilities, with ABN Amro, regional tax authorities, housing corporations, and utility providers previously issuing similar warnings linked to AddComm’s compromise.