Cyber Incident Victim: Hoogheemraadschap Hollands Noorderkwartier
Date: May 2024
Location: Netherlands
Summary
A ransomware attack on the water authority's supplier AddComm left data temporarily held hostage, disrupting digital delivery of tax assessments. Compromised information potentially included names, addresses, citizen service numbers, bank accounts, and property ownership details, though email addresses and phone numbers remained unaffected. The supplier negotiated with the attackers, believing the data had been erased and would not be misused. While the authority's own systems were not breached, it filed a provisional data leak notification with regulators and advised customers to stay vigilant and verify payment details. Services were restored securely, with delayed online tax document availability expected to normalize shortly. No financial loss was incurred by the authority itself.
Description
The ransomware attack targeting AddComm, a service provider for Hoogheemraadschap Hollands Noorderkwartier (HHNK), disrupted critical operations related to water authority tax assessments. AddComm notified HHNK of the security incident on the afternoon of May 17, 2024, revealing that cybercriminals had temporarily hijacked data essential for generating and distributing tax documents. This compromise forced AddComm to suspend digital delivery of tax assessments, though printed notices were mailed on schedule. HHNK confirmed AddComm possessed sensitive customer data on its behalf, including names, addresses, property ownership details, citizen service numbers (BSN), and bank account information—though email addresses and phone numbers remained unaffected. The attackers gained access to this information during the breach, prompting AddComm to negotiate a deal with the hackers based on assurances that the data would not be misused.

HHNK filed a preliminary data breach notification with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) on May 19, updating it on May 29 as AddComm provided additional information. While AddComm restored secure services for HHNK, the incident delayed digital tax assessment availability in the "Mijn HHNK" portal until June 3. Customers were advised to verify payment account details (NL20 NWAB 0636 7586 80) before transactions due to residual fraud risks, though HHNK emphasized its own systems remained uncompromised. The breach impacted AddComm’s operations for approximately sixty municipalities and commercial clients, amplifying concerns about third-party vendor risks. No financial losses were incurred by HHNK, and no evidence emerged of phishing attempts leveraging HHNK-sourced data during the incident period.
