Cyber Incident Victim: DELTA Mobiel

On December 5, 2022, DELTA Fiber identified a data theft incident affecting customers of its subsidiaries DELTA Mobiel and Caiway Mobiel. Unauthorized parties exfiltrated personal data from the companies’ order systems, compromising customer names, addresses, email addresses, birth dates, telephone numbers, and bank account numbers. The breach exposed customers to heightened risks of email and telephone fraud, identity theft, and phishing attempts due to the sensitivity of the combined stolen datasets. Notably, the attackers did not access passwords, credit card information, or customer identification numbers, eliminating the need for password resets. DELTA Fiber acknowledged the theft occurred despite active cybersecurity measures, though the specific intrusion method or attacker identity remained undisclosed. The companies temporarily disabled their mobile service order pages to prevent further exploitation of the compromised systems.

DELTA Fiber initiated a coordinated response, personally notifying affected customers to raise awareness of potential fraud vectors. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) received mandatory breach notifications in compliance with regulatory obligations. Cybersecurity firm Tesorion was engaged to assist with incident analysis and remediation, while law enforcement agencies including police and judicial authorities collaborated in the investigation. The company publicly expressed regret over the incident and directed customers to dedicated informational pages (delta.nl/datadiefstal and caiway.nl/datadiefstal) for updates. Operational containment measures focused on securing the order environment, though no restoration timeline for the disabled platforms was provided. The response prioritized mitigating misuse of stolen data through customer alerts while maintaining transparency about the breach’s confirmed scope and limitations.