
Cyber Incident Victim: Hogeschool van Arnhem en Nijmegen

Date: Sep 2021

Location: Netherlands

Summary

A hacker using the pseudonym 'masterballz' stole data belonging to students and employees of the Hogeschool van Arnhem en Nijmegen and subsequently published it online via a popular download service after the institution refused to pay a demanded ransom. The unauthorized disclosure followed the college's public stance against complying with the extortion attempt, resulting in the exposure of sensitive personal information.


Description

In early September 2021, a hacker operating under the pseudonym ‘masterballz’ infiltrated systems belonging to the Hogeschool van Arnhem en Nijmegen (HAN), a Dutch higher education institution, and exfiltrated sensitive data pertaining to students and employees. The attacker subsequently issued a ransom demand to the university, threatening to release the stolen information unless payment was made. HAN publicly confirmed its refusal to comply with the extortion attempt, maintaining a policy against negotiating with cybercriminals. Following this declaration, the hacker executed their threat by uploading the compromised datasets to a widely used internet download service, making them accessible to the public. Dutch media outlet RTL Nieuws verified the authenticity of the leaked data after independently reviewing the published materials. The breach exposed personal information, though specific data categories were not detailed in available reports. No technical specifics regarding the attack vector, such as malware deployment or vulnerability exploitation, were disclosed by the university or corroborating sources.


The unauthorized disclosure placed affected individuals at heightened risk of identity theft, phishing campaigns, and other forms of digital exploitation due to the exposure of their personal details. HAN’s decision to withhold payment constituted its primary documented response action, reflecting an organizational stance against incentivizing criminal behavior. No additional containment measures, forensic findings, or system recovery efforts were described in the available reporting. The incident drew media attention through coverage by outlets including Cybercrimeinfo.nl and RTL Nieuws, amplifying public awareness of the data’s availability. While the scale of the breach—including the exact number of impacted individuals—remained unspecified, the involvement of both student and employee records indicated a broad compromise of institutional data. The attacker leveraged public shaming tactics by disseminating the information through high-traffic platforms, maximizing visibility and potential harm to the victims.
