Cyber Incident Victim: Xonar
Date: Dec 2023
Location: Netherlands
Summary
A youth care organization experienced unauthorized network access and data theft during a cyberattack, compromising emails and file folders. The entity immediately restricted access, engaged external experts, notified data protection authorities and law enforcement, and initiated forensic investigations to determine the scope of stolen information. While operational continuity was maintained, individuals associated with the organization were preemptively alerted about potential risks despite no confirmed public data leaks. The attackers' motives, including possible ransom demands, remain undisclosed. Recovery efforts included validating backup integrity and monitoring for potential data exposure, with ongoing updates provided to stakeholders.
Description
Xonar, a youth care institution operating in Zuid-Limburg, suffered a cyberattack between December 21, 2023, and January 8, 2024, with the intrusion occurring shortly before Christmas. Attackers gained unauthorized access to portions of Xonar's network, specifically compromising email systems and file directories, resulting in confirmed data theft. The organization detected the breach and immediately implemented containment measures, including blocking the attackers' access pathways and securing remaining data assets. External cybersecurity experts were engaged to assist with forensic analysis and remediation efforts. Xonar formally reported the incident to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and initiated contact with law enforcement agencies. Care services remained operational throughout the incident, with Xonar explicitly confirming no disruption to client care continuity.

The organization launched an ongoing investigation to determine the precise scope of compromised data, which remained unpublished as of January 9, 2024. Proactive notifications were issued to all employees, clients, contact persons, and external partners as a precautionary measure despite the undetermined specifics of affected individuals. Email communications sent to Xonar during the intrusion period (December 21, 2023 - January 8, 2024) were potentially compromised, prompting requests for resubmission of correspondence. Technical recovery efforts included validation of backup integrity and system cleansing operations. Xonar declined to confirm whether ransomware demands were made or paid, stating only that they would not disclose negotiation details with threat actors. Operational impacts included delayed response times in administrative functions, though financial obligations continued to be met. The institution expressed confidence in organizational survival without jeopardizing operational continuity while maintaining monitoring for potential publication of stolen data.
