European Data Protection Board

EDP, also known as the European Data Protection Board, is an internet service provider headquartered in Belgium. The organization operates within the European telecommunications sector, providing core services such as internet connectivity and DNS infrastructure to customers in Belgium and potentially other European markets. Its inclusion among the ISPs targeted in a major 2020 incident confirms its role in maintaining critical domain name system servers, which are fundamental to internet functionality. The dual naming convention suggests a possible affiliation with European data protection frameworks, though the precise nature of this relationship is not elaborated in available records. The company's operational footprint is defined by its participation in the regional ISP ecosystem, contributing to the broader European internet infrastructure. Its services likely encompass broadband provision and domain resolution for both residential and commercial clients. The exact scale of its operations, including customer base or network size, is not specified in the provided information. As a Belgian entity, it operates under the jurisdiction of European regulatory environments, which may influence its compliance and operational standards. The organization's market position is that of a regional telecommunications provider with a focus on DNS services, a specialized component of internet infrastructure. Its headquarters location in Belgium places it within a key hub for data governance and technology regulation in Europe.

In August 2020, EDP was subjected to a severe distributed denial-of-service attack as part of a coordinated campaign against multiple European ISPs. The assault employed DNS amplification and LDAP reflection techniques, with attack volumes peaking at 300 Gbit/s, causing temporary service disruptions across its infrastructure. The incident was mitigated within a 24-hour period, demonstrating the organization's capacity for incident response and recovery. Dutch authorities later connected the attacks to extortion demands involving Bitcoin, although no definitive attribution was ever established. This event represents a significant cybersecurity challenge in EDP's operational history, highlighting the vulnerability of DNS infrastructure to large-scale, sophisticated attacks. The coordinated nature of the campaign across Belgium, France, and the Netherlands indicates a targeted effort against European internet backbone providers. EDP's involvement underscores its role as a notable player in the regional telecommunications landscape, with infrastructure deemed significant enough to be included in such an attack. The use of advanced DDoS methods reflects the persistent and evolving threat environment facing ISPs. Despite the disruption, the organization restored services promptly, adhering to industry-standard mitigation practices. The extortion component points to financially motivated cybercrime, a common driver for such attacks. The absence of attribution leaves open questions regarding the perpetrators, whether criminal syndicates or other actors. This incident likely prompted EDP to reassess and strengthen its DDoS protection and overall security posture. The event also illustrates the interconnected risks among European internet service providers and the shared need for robust defensive measures. No long-term operational or financial impacts are reported, but the attack serves as a documented case of ISP resilience under extreme duress.