Cyber Incident Victim: Scalda

On or around December 1, 2022, the vocational education institution Scalda in Vlissingen experienced disruptive distributed denial-of-service (DDoS) attacks targeting its network infrastructure. The attacks originated from one or more individuals within the school or were internally coordinated, according to Scalda's internal assessment. These attacks overwhelmed the institution's servers with excessive data traffic, degrading network accessibility for legitimate users. The disruption caused several classes to be canceled, directly impacting educational continuity. Scalda communicated via email to students and staff that the attacks were creating "major disruptions" that "seriously undermine the progress of education." Technical countermeasures implemented by the school and its network provider inadvertently affected both malicious and legitimate data traffic, resulting in additional WiFi network instability across the campus. A Scalda spokesperson later confirmed the immediate technical issues had been resolved, though the institution remained engaged with its provider to minimize future disruptions during subsequent attacks.

Scalda initiated a multi-faceted response, including filing a police report after consultations with law enforcement, who agreed to investigate the incident. The institution also enlisted a cybersecurity expert to assist in identifying the perpetrators. Internal outreach encouraged students and staff with relevant information to report details to mentors or team leaders. Mitigation efforts focused on refining network provider configurations to distinguish between attack traffic and legitimate educational operations, though these adjustments initially exacerbated WiFi reliability issues. Scalda emphasized the legal consequences of conducting DDoS attacks, underscoring the criminal nature of such acts under Dutch law while continuing operational recovery measures to stabilize academic activities.