Cyber Incident Victim: Aareon Nederland B.V.
Date:
Feb 2022
Location:
Netherlands
Summary
Aareon Nederland B.V. experienced a professionally coordinated cyberattack targeting its REMS datacenter in Amsterdam, detected by security systems and prompting immediate isolation of affected systems to prevent further damage. The organization notified customers, engaged law enforcement and data protection authorities, and initiated forensic analysis while restoring partial services within days using backups and infrastructure from its Mainz-based parent company. Internal and external experts confirmed partial data exfiltration and public exposure, advising precautionary assumptions that all processed data could be compromised despite expectations of limited actual leakage. The incident response prioritized operational recovery and customer data protection, leveraging the group’s established security protocols including regular audits, certifications, and collaboration with specialized cybersecurity providers for threat simulations. No other datacenters in the network were impacted by the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 4 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 3, 2022, Aareon Nederland B.V.'s REMS datacenter in Amsterdam experienced a professionally coordinated and targeted cyberattack. Security systems detected the incident during the morning hours, prompting immediate containment measures. The datacenter took all affected systems offline to prevent further damage and initiated a comprehensive specialist analysis. No other Aareon datacenters were compromised in the attack. All customers received prompt notification of the disruption while investigators began forensic work. Aareon engaged law enforcement authorities and notified the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) about the breach. Partial restoration of REMS services occurred on February 8 through reconstruction efforts utilizing backups and infrastructure from Aareon Group's Mainz datacenter. Most clients had transitioned to the rebuilt environment shortly after services resumed. Internal and external expert teams worked continuously to restore full operational capabilities while maintaining security protocols throughout the recovery process.
Subsequent investigation confirmed that attackers successfully exfiltrated and publicly released a portion of the datacenter's stored information. While forensic analysis suggested only a fraction of data might ultimately become exposed, Aareon advised all stakeholders to operate under the assumption that all processed data could have been compromised as a precautionary measure. The company emphasized that protecting customer data represented its highest priority, referencing its established security practices including regular audits, data protection certifications, and collaboration with specialized firms conducting simulated cyberattacks. Aareon publicly condemned the attack while acknowledging the rapidly escalating global threat landscape of cybercrime. Recovery operations remained ongoing with 24/7 expert oversight focused on achieving full restoration of services without compromising system integrity or data security standards.