Cyber Incident Victim: Voorne-Putten Werkt BV
Date: Mar 2022
Location: Netherlands
Summary
A cyberattack targeted Voorne-Putten Werkt BV, compromising its IT systems. The attackers exfiltrated a significant volume of data and rendered that data inaccessible to the organization. They demanded a $650,000 ransom, which the organization refused to pay, in line with national policy. Operational disruption was limited by promptly halting systems, restoring functionality from controlled backups, and accelerating a pre-planned IT migration that introduced enhanced security measures. The main concern was that stolen personal data could be misused, which prompted immediate notifications to affected individuals, including vulnerable employees, with guidance on vigilance. Authorities, including the Dutch Data Protection Authority and Rotterdam police, were notified, and the relevant municipalities, suppliers, and clients were informed of the breach.
Description
Voorne-Putten Werkt BV, a work-learning company, experienced a cyberattack during the week preceding March 3, 2022. Attackers gained unauthorized access to the organization’s IT systems, exfiltrating a significant volume of data and rendering it inaccessible to the company. By the weekend following the initial breach, the perpetrators demanded a ransom of 650,000 US dollars. The company publicly stated its refusal to comply with the payment demand, aligning with the Dutch government’s policy against capitulating to such extortion attempts. Immediate operational consequences included the deliberate shutdown of computer systems to contain the incident, resulting in temporary inaccessibility of certain business applications. Recovery efforts prioritized the use of controlled backups that underwent cleansing procedures where necessary, enabling the restoration of critical functions within a short timeframe. A pre-scheduled migration of the IT environment—originally planned for later that month—was accelerated to implement enhanced security measures, including a new authentication protocol activated on Monday, March 7.

The attack’s primary impact centered on the compromise of personal data, raising concerns about potential misuse. VPW BV initiated direct communication with affected individuals starting March 7 to disclose the breach and provide guidance on heightened vigilance. Special attention was directed toward supporting employees considered part of vulnerable demographics. Organizational response protocols included mandatory notifications to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and the filing of a preliminary report with Rotterdam police authorities. Key stakeholders received immediate alerts, including municipal governments of Nissewaard, Brielle, Hellevoetsluis, and Westvoorne, alongside supply chain partners and customers. While operational disruptions remained limited due to rapid containment actions, the incident underscored persistent risks associated with unauthorized data access and the procedural challenges of balancing system restoration with security enhancements during crisis management.
