Cyber Incident Victim: DigiD

Date: Jan 2025

Location: Netherlands

Summary

A large-scale DDoS attack targeted multiple services managed by Logius, including the government login system DigiD, causing temporary unavailability due to network overload. The attack employed exceptionally high traffic volumes directed at several systems simultaneously, overwhelming standard defenses despite existing robust DDoS protection measures and participation in an anti-DDoS coalition. This disruption prevented access to critical digital services used for taxation, benefits, healthcare, and other public functions for over five hours. The operator is investigating the incident's origin while analyzing data to implement enhanced mitigation measures against similar future attacks.

Description

On January 14 and 15, 2025, Logius, the Dutch government’s digital service management organization, experienced widespread disruptions across its systems due to coordinated distributed denial-of-service (DDoS) attacks. The attacks targeted multiple Logius services simultaneously with an exceptionally high volume of malicious traffic, overwhelming network infrastructure despite existing protective measures. This resulted in the temporary unavailability of critical services, including DigiD, the primary authentication system for accessing Dutch government portals. The scale and breadth of the attack exceeded normal operational defenses, causing extended network congestion that rendered DigiD inaccessible for over five hours on January 14. Logius confirmed the incident stemmed from a deliberate large-scale cyberattack characterized by traffic bombardment from thousands of sources, designed to paralyze servers by creating systemic bottlenecks. The disruption directly impacted citizens’ ability to interact with essential services reliant on DigiD authentication, such as tax filings, municipal interactions, benefit claims via the SVB, healthcare insurance portals, educational finance systems, and pension management platforms. Logius emphasized that its infrastructure typically incorporates robust DDoS countermeasures, including partnerships with two specialized cybersecurity providers, but acknowledged the attack’s unprecedented volume necessitated further analysis.

Logius initiated an immediate investigation into the attack’s origin and technical characteristics while working to restore service availability. The organization highlighted its longstanding participation in the anti-DDoS Coalition, a collaborative alliance involving government entities, internet service providers, academic institutions, nonprofits, and financial sector partners, to strengthen collective resilience against such threats. No attribution to specific threat actors or motives was disclosed in the initial response. Service recovery efforts focused on mitigating network overload and analyzing traffic patterns to identify vulnerabilities exploited during the incident. Logius stated the findings would inform enhanced defensive measures to address similar attacks in the future, though specific technical adjustments were not detailed publicly. The incident underscored DigiD’s critical role as a centralized access gateway for public and private sector services, with prolonged unavailability disrupting administrative and financial transactions nationwide. Operational updates were communicated via Logius’ public channels, but the organization did not specify whether user data or authentication integrity was compromised during the outage.
