Cyber Incident Victim: Gemeente Ede

On July 8, 2016, a digital security staff member at the Municipality of Ede discovered a security vulnerability during a routine check of the municipal website. The vulnerability allowed unauthorized individuals to access a database linked to an online contact form where residents could submit questions or request contact from municipal services. This form required residents to enter their names and email addresses, though some users voluntarily added their social security numbers despite no official request for this sensitive information. Approximately 3,700 residents' personal data was compromised through this unauthorized access. The security personnel also identified that certain pages on the municipal website had been redirected to external pages promoting diet pills, indicating additional unauthorized modifications to the site infrastructure.

The municipality immediately engaged an external security agency to remediate the vulnerability and remove the malicious redirects following the discovery. Officials confirmed the breach impacted only the contact form's linked database and found no evidence of broader system compromise. All affected residents received direct email notifications detailing the incident and the specific nature of the exposed data. As a preventive measure, the municipality added prominent warnings on the contact form page advising residents against submitting sensitive personal information. No financial data or passwords were confirmed to be involved in the breach, though the exposure of voluntarily provided social security numbers created potential identity theft risks for an unspecified subset of individuals. The incident prompted internal reviews of website security protocols but did not result in public reports of subsequent misuse of the leaked data.