Cyber Incident Victim: Royal HZPC Group B.V.
Date:
Sep 2023
Location:
Netherlands
Summary
Royal HZPC Group experienced a significant cybercrime incident involving unauthorized transfers of substantial funds to criminal-controlled accounts. The company collaborated with financial institutions and law enforcement to mitigate losses, later confirming the blocked status of the funds and initiating legal recovery procedures. Forensic investigations, both internal and external, remain ongoing alongside protracted legal processes. The event impacted the company’s financial statements and threatened to delay the adoption of annual accounts at an upcoming shareholder meeting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Thursday, September 14, 2023, Royal HZPC Group B.V., a potato breeding company, fell victim to a cybercrime incident involving unauthorized financial transfers. Criminals successfully transferred a substantial sum of money from the organization to a fraudulent bank account. The company immediately engaged law enforcement agencies and financial institutions to mitigate losses, though initial assessments indicated significant uncertainty regarding recovery prospects. An external forensic investigation was initiated to determine the scope and methodology of the breach. Concurrently, Royal HZPC was finalizing its 2022-2023 financial statements, with adoption scheduled for October 5, 2023, at the General Meeting of Shareholders. The cyber incident directly impacted these financial statements, necessitating revisions to account for the stolen funds. The event also threatened to delay the formal adoption of the annual accounts, creating operational and regulatory complications. Company representatives restricted public communications during the investigation, citing the sensitivity of ongoing forensic and law enforcement activities.
By Tuesday, September 26, 2023, Royal HZPC confirmed with reasonable certainty that the stolen funds had been traced to blocked bank accounts, removing them from criminal control. Legal proceedings commenced to formally recover the assets, with management expressing confidence in a successful outcome. Despite this progress, internal and external forensic investigations remained active to identify vulnerabilities and attack vectors. The organization maintained collaboration with banking partners and police authorities throughout the recovery phase. Financial repercussions extended to operational timelines, as the incident disrupted standard accounting processes and corporate governance activities. The full legal resolution was projected to span several months, reflecting the complexity of cross-jurisdictional financial crime investigations. No additional system compromises or data breaches were disclosed beyond the financial theft. The company’s public updates emphasized factual developments while withholding technical details to preserve investigative integrity.