Overview
- Following Thursday's disclosure, the municipality said criminals stole 552,000 files with core personal data for almost every resident, and about 1,000 people had copies of their ID documents taken.
- Investigators say the break-in began March 10 through a “click‑fix” ruse that showed a fake CAPTCHA and tricked a worker into pasting a command that installed malware.
- Attackers likely guessed a system administrator password and, on March 12, downloaded a legacy file server used for older workflows, which triggered security alarms before wider systems were locked.
- The town is mailing notices to all residents, with a separate letter by May 8 for those whose ID copies were taken so they can replace passports, ID cards, or driver’s licenses at no cost.
- Police and the Dutch privacy regulator were notified, no ransom demand has been received, nothing has surfaced on the dark web so far, and security experts urge residents to watch for scams and SIM‑swap attempts in a climate shaped by recent leaks at firms like Odido and Basic‑Fit.