Cyber Incident Victim: Politiezone Vlaams-Brabant Zuid-Oost
Date: Nov 2022
Location: Belgium
Summary
A Belgian police zone suffered a ransomware attack by the Ragnar Locker gang, who mistakenly breached law enforcement systems while targeting a local municipality. The incident exposed extensive data spanning over a decade, including personnel records, crime reports, fines, child abuse imagery, telecom metadata of individuals under surveillance, and traffic camera footage revealing citizens' movements. While the agency claimed only administrative networks were compromised, journalists confirmed sensitive operational data leakage impacting thousands. The breach stemmed from human error and exploitation of an insecure Citrix endpoint, prompting a criminal investigation. This is considered Belgium's most significant law enforcement data leak, with potential lifelong identity theft risks for affected individuals.
Description
On or around November 25, 2022, the Ragnar Locker ransomware gang breached systems belonging to the Zwijndrecht local police unit in Antwerp, Belgium, after mistakenly targeting what they believed was the municipality of Zwijndrecht. The attackers gained access through a poorly secured Citrix endpoint, compromising administrative networks containing data accumulated from 2006 until September 2022. Stolen information included thousands of car license plate records, fines, crime reports, personnel files containing staff lists and photos from internal events, investigation documents, and sensitive materials such as child abuse imagery. The gang subsequently published this data, prompting Belgian journalist Kenneth Dée to analyze the leak and identify additional exposed materials, including telecom subscriber metadata, SMS messages related to covert police operations, and traffic camera footage revealing individuals' movements at specific times. Police Chief Marc Snels confirmed the incident, attributing the breach to human error in storing sensitive operational data on administrative networks instead of more secure professional systems. Authorities initiated contact with affected individuals, including police personnel whose personal information was exposed.

The breach represented one of Belgium’s most significant law enforcement data leaks, compromising 16 years of records and exposing vulnerabilities in local police data management practices. While the national police network remained unaffected, the incident jeopardized ongoing investigations by revealing surveillance details and informant communications, potentially endangering witnesses and undermining operational security. Exposed citizens faced heightened risks of identity theft and targeted retaliation, prompting privacy advocate Matthias Dobbelaere-Welvaert to recommend document replacements such as passports and license plates. Belgian prosecutors opened a criminal investigation into the hacking incident, though the national data protection office had not yet announced formal proceedings at the time of reporting. Journalist Dée characterized the event as a systemic failure, emphasizing the need for improved data handling protocols across local police jurisdictions to prevent future compromises of sensitive citizen information.
