Cyber Incident Victim: Gemeente Voorschoten
Date:
Mar 2024
Location:
Netherlands
Summary
A cyberattack targeted the ICT systems of Gemeente Voorschoten and the neighboring municipality of Wassenaar, prompting a sudden spike in traffic that led administrators to shut down the networks and halt the intrusion. A crisis team was assembled, and officials contacted the VNG information security service, the National Cyber Security Centre, and the police for support. While the attack prevented municipal staff from working remotely, all applications remained accessible on‑site and residents experienced no disruption to services. Over the weekend technicians restored functionality, and by early week the systems were operating almost normally. Authorities have not determined whether the incident was deliberate, and they continue to investigate while the municipalities have adjusted security measures, increased network monitoring, and limited access to certain foreign applications.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of March 29, 2024, shortly before the Easter weekend, a peak load was detected in the ICT infrastructure of the municipalities of Voorschoten and Wassenaar. The detection prompted an immediate shutdown of the affected systems, which halted the ongoing cyberattack. According to a letter from the municipal college to the council, this action successfully repelled the intrusion. The incident was reported to have taken place just before the holiday period, prompting urgent attention from local officials.

Following the detection, a crisis team was established immediately to coordinate the response. The team contacted the Information Security Service (IBD) of the Association of Netherlands Municipalities (VNG) and the National Cyber Security Centre (NCSC) for assistance. Acting on NCSC advice, the police were also brought into the investigation. The primary operational impact was that municipal employees lost the ability to work remotely; all applications remained accessible only from the town hall premises. Residents did not experience any disruption in services, and service delivery continued unchanged throughout the incident.
Throughout the weekend and into Tuesday, April 2, 2024, staff worked to restore the systems, after which the ICT environment was reported to be functioning almost normally again. Although the joint employees' organization of the two municipalities had been dissolved years earlier, their ICT services continue to be managed jointly. Authorities have not yet determined whether the attack was targeted, and the VNG IBD, NCSC, and police are conducting investigations. In response, the municipality has adjusted security measures at multiple points and has begun continuous network monitoring. To safeguard reliability, a significant number of foreign-hosted applications have been made unavailable. The financial repercussions of the attack remain unknown at this time.
