Cyber Incident Victim: Wassenaar
Date:
Mar 2024
Location:
Netherlands
Summary
The ICT systems of the municipalities of Voorschoten and Wassenaar were hit by a cyberattack that caused a sudden peak in traffic, prompting officials to shut down the networks and stop the intrusion. A crisis team was assembled, contact was made with the VNG information security service and the National Cyber Security Centre, and police were enlisted to assist. The main effect was that employees could no longer work remotely, while all applications remained accessible on site; residents noticed no disruption and services continued uninterrupted. Staff worked through the weekend and by the start of the following week the systems were largely back to normal. Investigators have not yet determined whether the attack was targeted, and the municipalities have adjusted security measures, increased monitoring, and blocked certain foreign applications while the financial impact remains unknown.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of 29 March 2024, just before the Easter weekend, a sudden peak in network load was detected on the ICT systems of the municipalities of Voorschoten and Wassenaar. The observed anomaly prompted immediate shutdown of the affected systems, which halted the ongoing cyber attack. Following the shutdown, a crisis team was convened by the municipal colleges to coordinate the response. The team contacted the information security service (IBD) of the Association of Netherlands Municipalities (VNG) and the National Cyber Security Centre (NCSC) for assistance. Acting on advice from the NCSC, the police were also brought into the investigation. The primary consequence of the attack was that municipal employees lost the ability to work remotely, while all applications remained accessible only from the town hall offices. Residents did not experience any disruption in services, and service delivery continued unchanged throughout the incident.

Throughout the weekend of 30–31 March, municipal IT staff worked continuously to restore operations, and by Tuesday 2 April the ICT systems were functioning almost normally again. Although the joint municipal employees organisation had been dissolved years earlier, the ICT infrastructure of Voorschoten and Wassenaar remained jointly managed. Authorities have not yet determined whether the incident was a targeted attack, and the investigation is ongoing. In response, the municipalities have adjusted security measures at multiple points and have instituted continuous network monitoring. To safeguard the reliability of their ICT systems, a large number of applications hosted abroad have been made unavailable. The financial impact of the attack has not been disclosed or quantified in the available reports. The combined efforts of the crisis team, external security agencies, and police succeeded in repelling the attack and restoring normal service.
