Cyber Incident Victim: Stad Diest
Date:
Dec 2022
Location:
Belgium
Summary
A cyberattack targeted the internal systems of Stad Diest, disrupting digital services including email, appointment scheduling, and online platforms. Critical impacts included limited access to municipal mailboxes, delayed response times, and temporary suspension of electronic payment processing. Service disruptions affected multiple departments: citizen affairs required appointment-based interactions with restricted request types, library services lost public PC and printing capabilities, and financial operations halted electronic payments. Physical services like childcare, museums, and swimming pools remained operational but with communication limited to phone contact. Partial recovery allowed some e-loket functionalities—such as address changes and document requests—to resume, while other systems like material lending and event bookings required manual coordination. The incident necessitated temporary workarounds across civic operations, with ongoing efforts to restore full functionality.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 7 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 12, 2022, Stad Diest reported a cyberattack compromising its internal computer systems, disrupting municipal operations. Unknown attackers targeted infrastructure critical to citizen services, including email systems, internet access, and specialized software supporting digital public assistance platforms. The breach rendered core administrative functions inoperable, preventing new citizen appointments and blocking access to online request systems. Initial assessments indicated the attack focused on disabling operational capabilities rather than immediately compromising public-facing websites, as diest.be remained accessible for basic information dissemination. Municipal staff lost access to email accounts, creating communication bottlenecks, though phone lines remained functional for urgent inquiries. The city launched an investigation to determine the attack's origin, scope, and responsible actors, though no attribution details were disclosed. Emergency protocols prioritized restoring essential services while assessing damage to backend systems. By December 13, officials established temporary service points at Scherpenheuvel-Zichem's town hall to process limited citizen requests, expanding partial functionality at Diest's own counters by December 15.
Recovery efforts progressed incrementally through February 2023, with significant service disruptions persisting for weeks. Critical systems like payment processing remained offline, forcing cash-only transactions for services like swimming pool access and garbage bag sales. The e-loket platform gradually restored 15 document request types by late December, including birth certificates and address changes, while excluding nationalization files and grave concessions. Library services operated with restrictions—identity card-only checkouts with five-item limits and disabled public computers/scanners. Construction permit submissions faced delays until processing systems stabilized, with the Flemish Government granting 30-day deadline extensions for ongoing cases. By February 2, appointment systems for housing, civil affairs, and urban planning departments resumed, though email access remained inconsistent across departments, causing response delays. Cultural venues maintained operations using external ticketing systems, while archives limited research capabilities to manual inventories. The city communicated restoration milestones through its website, implementing temporary workflows like paper-based civil registry services and phone-based public domain occupancy requests. Operational recovery remained incomplete two months post-incident, with lingering email disruptions and processing backlogs in property information delivery.