Cyber Incident Victim: PratenOnline.nl

On or around November 27, 2018, attackers breached PratenOnline.nl, a Dutch website providing anonymous chat support for young people with anxiety and depression. The assailants exfiltrated private user data, including email addresses and telephone numbers, and issued a ransom threat to publicly release the information unless paid. PratenOnline confirmed the theft and extortion attempt to RTL Nieuws but stated its investigation remained ongoing to determine the full scope. Initial reports conflicted regarding the compromise of chat logs: the organization asserted no conversations between users and professionals were captured, while an anonymous whistleblower via Publeaks claimed over 16,000 personal chats and data from more than 14,000 profiles were stolen. De Volkskrant reported that three chat excerpts were provided by the informant as evidence, though their authenticity remained unverified.

The breach exposed highly sensitive information from a vulnerable population seeking mental health support. PratenOnline did not disclose the ransom amount, the attackers' identity, or the language used in communications. Media coverage highlighted unresolved questions about the platform’s security architecture, particularly whether chat communications were encrypted to preserve anonymity. No containment measures or technical details about the intrusion method were revealed in available reports. The incident’s aftermath centered on conflicting claims about data sensitivity, with potential consequences including reputational damage to the service and risks to affected minors’ privacy. PratenOnline’s public statements focused on denying chat log compromise while acknowledging the theft of contact details, leaving the full impact uncertain pending investigation.