Cyber Incident Victim: Netherlands

On March 27, 2022, Dutch ICT service provider The Sourcing Company (TSC) suffered a ransomware attack attributed to the Conti group, resulting in the encryption of a portion of its servers. To contain the attack and facilitate recovery efforts, TSC proactively took additional network segments offline, causing widespread service disruptions for its housing corporation clients. The attackers exfiltrated sensitive personal data during the breach, including tenants' names, addresses, birthdates, BSN numbers (Dutch citizen service numbers), and bank account details. Conti subsequently published stolen files on its leak site. TSC initiated system restoration but provided no estimated recovery timeline, stating in a website notice that full operational recovery for clients remained uncertain. The company issued no further updates beyond its initial communication.

The attack impacted eight housing corporations relying on TSC's services: Alwel, Brederode Wonen, Laurentius, l'esceaut, Trivire, QuaWonen, De Woningstichting, and Zayaz. Investigations revealed compromised tenant data at multiple corporations, though the scale and confirmation of breaches varied. Zayaz confirmed attackers accessed or stored personal data for a small tenant subset, while Trivire asserted no evidence of its confidential data being leaked. Service disruptions persisted post-attack, with affected corporations reporting email and website unavailability, limited phone access, and inability to process tenant data normally. All impacted organizations notified the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) of the breach. Corporations engaged with the attackers but collectively refused ransom payment demands. Tenant notification processes remained pending as corporations worked to identify specifically affected individuals amid ongoing operational challenges.