2025 BCM RELATED INCIDENTS IN THE NETHERLANDS

Headlines March

Negotiating with rock-hard criminals
Rijssen-based contractor Nijhuis Bouw was hacked in early February and held hostage for about five days by cybercriminals. The nationwide company decided to pay the criminals a “ransom.” Data of thousands of tenants of 50 affiliated housing associations may have been in the hands of the perpetrators. The exact extent of the data breach is not yet known. Tenants have since been informed. Managing director of Nijhuis, Robbert Wittmaekers, does not dare to put an exact number on the leaked data: “But it does involve thousands of people.” They have been informed by their own housing corporation. A data inventory is still in progress to find out whether there are other tenants or buyers whose data has been leaked. Should that be the case, the company will contact the individuals concerned as soon as possible. The other branches in Assen, Zwolle, Enschede and Apeldoorn were also affected by the hack. The technical investigation into how the hack could have occurred has been completed.

Hostage software
The hackers used ransomware, also known as hostage software. Such software encrypts users' data, to be decrypted later in exchange for a ransom.
So in this case, it was the contact information of the tenants. Wittmaekers says the hackers were only after money. Nijhuis paid, in exchange for an assurance that the stolen data would not be distributed and that the hackers would delete the data. External cybersecurity specialists and lawyers negotiated that agreement. “The hackers promised they wouldn't do anything with the data, but you negotiate with criminals. So you don't have a hundred percent guarantee that they will keep the promise. The specialists also told us, based on their experience, that it is not unlikely, after the negotiations, that the data will still be distributed. We are doing what we can, but unfortunately we cannot offer complete assurance.”

Wittmaekers keeps to himself how much money was paid to the hackers. He does say that they did not go for the cheapest option, but for the most secure option. During the night of Saturday, Feb. 2, to Sunday, Feb. 3, the cybercriminals penetrated the system. Says Wittmaekers, “We know it wasn't on the Cloud environment and it wasn't phishing, but there was a vulnerable physical spot somewhere. We identified that and closed it.” Nijhuis uses 24/7 monitoring, so the systems are constantly monitored. This does require people to be physically present. On weekends, there is no such physical monitoring. That gave the hackers the opportunity to penetrate the system.

Backups important
“An IT employee noticed the hack Sunday morning. Then we immediately severed all physical connections to the systems. We do take a different approach to constant monitoring from now on, so that there is always physical surveillance. Also on weekends.” The contracting company revisited all other cyber-security measures and improved them where necessary. Nijhuis was held hostage for about four to five days, says the general manager. “By Friday, fortunately, we were up and running again.” Because of the backups Nijhuis had made, the company was able to restore the systems.
The contractor did not have to shut down its operations because of the hack. Nijhuis does not know who is behind the hack. The company is going to file a report.

Source: Tubantia

More food establishments urgently closed after pest nuisance
Last year, the Netherlands Food and Consumer Product Safety Authority (NVWA) ordered 65 food establishments to close their doors urgently because of acute danger from pests. That is almost twice as many as in 2023, when 34 businesses had to temporarily close their doors. In most cases, an infestation of mice was the problem. There were also cases of nuisance rats and cockroaches.

Harshest measure
Emergency temporary closure of a business is the heaviest measure the NVWA can take when serious public health risks are found. Nuisance pests can be a reason, as they spread bacteria and disease through their feces. Once a business has removed all contaminated food, thoroughly cleaned the premises and taken steps to control the pests, it may reopen. Entrepreneurs in the food industry are required to actively keep pests out, the NVWA says.

Source: https://nos.nl/artikel/2558390-meer-voedselbedrijven-met-spoed-gesloten-na-overlast-van-plaagdieren

Over a thousand soldiers traceable via Strava: 'Enemy can misuse data'
Data of more than a thousand military personnel can still be seen because they use the app Strava, a sports app that allows you to track performance. Because soldiers do this on military bases, their profile picture and place of residence can be found in a few clicks. This is according to research by Omroep Gelderland. The broadcaster found the names of some 2,000 military personnel who were active in the provinces of Gelderland, Brabant and Drenthe in the past two years.

On Strava, athletes share their achievements; for example, of a round of walking or running. The app has the option to create a ranking with the fastest times on a particular route. All athletes who complete that route will appear on that ranking. It turns out that routes on secure Defense Department grounds also show up in the rankings. In many cases, the name on the rankings was also accompanied by a profile picture and in half the cases even the place of residence, the broadcaster writes. Some profile pictures clearly show that someone is military; something Defense would rather not have.

Radar of the enemy
“It's really quite bad,” says Matthijs Koot, an expert in digital data protection and privacy. According to him, it is easy to combine the names of military personnel found through Strava with information obtained through a data leak from a web shop, for example. “So then the enemy also knows your e-mail address, phone number and home address,” he says. And that can be dangerous, he says. “As a military officer, you have access to buildings, people and systems that the enemy could be interested in.”

Private account
Users of Strava have several options to determine the extent to which they want to shield their account and activities. Even if an account is shielded, users can appear in the rankings that Strava displays unless settings are specifically adjusted to prevent this. Even from a protected account, the name, profile picture and possibly the place of residence are still visible, according to research by Omroep Gelderland. In Gelderland, a quarter of the military has such a private account. So everything of the other three-quarters can be viewed, including recorded sporting activities abroad and at sensitive locations.

National security
A Defense Department spokesman acknowledges that the enemy can indeed misuse that kind of information. “The public sharing of data can lead to situations where soldiers are put under pressure, with all the possible consequences. For themselves, their families, but also for national security.” Defense has therefore been warning military personnel for years to be careful when using social media and not to share data that shows they are working for defense. On Defense work phones, apps such as Strava are not to be used, the spokesman said. “But Defense personnel need to be aware that through the use of private devices and certain apps, they can put information about themselves and about Defense out in the open, when that is not desirable.” “Increased measures may follow where necessary,” the spokesperson said. No further statement was made about those possible additional security measures.

Previous controversy
This is not the first time the use of sports apps among military personnel has been a topic of conversation. The Guardian revealed in 2022 that locations of secret Israeli army bases were findable via Strava. And in 2018, Bellingcat and De Correspondent uncovered personal information of more than 6,000 people via fitness app Polar.

Source: https://nos.nl/artikel/2560278-ruim-duizend-militairen-te-traceren-via-strava-vijand-kan-data-misbruiken

Pressure on power grid worsens: number of waiting companies doubled in a year
The waiting lists for a connection to the congested power grid only continue to grow. The number of companies waiting for a connection has almost doubled in one year to twelve thousand. By contrast, the number of connections realized is falling. This is according to figures from the National Action Program Net Congestion (LAN) that are in the hands of NU.nl. The queuing figures were actually supposed to be presented on Friday, but they turned out to have been put online prematurely. The figures have since been taken offline again. “Queueing is a new reality and the length of the queue continues to increase, leaving us with a major challenge in the Netherlands,” the LAN report notes. In addition to the 12,000 companies that want to buy electricity, there are also more than 8,000 waiting people who actually want to feed power back, such as from large solar roofs or parks. That's a growth of 31 percent.

The figures show what a massive rebuild is needed to expand the Dutch power grid and enable the sustainability of homes and businesses. For example, an estimated 670 new high-voltage substations are needed. Last year, 1 of these was realized. However, extensions to the high-voltage grid are under construction at 71 locations.

Neighborhoods tackled more often at once
In residential areas, 50,000 new transformer substations are needed. Last year, 2,400 of these were constructed, 61 percent more than a year earlier. But fewer homes and charging stations were actually connected to the grid. “This is mainly due to decreased demand and partly due to a shortage of personnel,” the report states. The number of larger companies connected directly to the medium-voltage grid also went down. Only 662 connections were added there, down 23 percent from 2023 and half as many as in 2021. There is now no room for more new connections due to the congestion on the grid. The number of new medium-voltage substations did remain stable, at 23. In the coming years, network operators will increasingly expand the power grid on a neighborhood-by-neighborhood basis, in order to make progress faster. This “neighborhood approach” was applied in eleven neighborhoods last year; this year, 135 are planned. One challenge, however, is the shortage of technicians. Currently, grid operators are already short of 10,000 staff, and that number will continue to grow to 30,000 by 2030.

Flexible use still limited
Two weeks ago, officials released a report warning of a sharp rise in energy costs due to the billions invested in the power grid. If the government does not act, we will be paying twice as much for electricity by 2040 because these investments will be paid for through energy bills. One way to reduce these costs somewhat is to make smarter use of the electricity grid. This would require households and businesses to be more flexible with their electricity consumption, by avoiding rush hours and charging cars or running machines when the sun is shining. Figures from the grid operators show that this is happening sparingly at companies. Over a hundred companies have a contract that sometimes limits their access to the power grid. For example, they can use less power during certain parts of the day, or must turn off equipment at the request of the grid operator. The number of companies with such a contract is growing, but is still a fraction of the total. There are now 22 large-scale batteries connected to the grid. Together these have a greater capacity than the nuclear power plant in Borssele. Grid operators hope that more and more batteries will store renewable power that can later be used instead of power from gas or coal plants.

Source: https://www.nu.nl/klimaat/6349771/drukte-op-stroomnet-verergert-aantal-wachtende-bedrijven-in-een-jaar-verdubbeld.html

Patients miss out on donor kidney due to software error at Eurotransplant
Twelve patients who were on the waiting list for a donor kidney have fallen victim to a software error. An organ was available that might be suitable for them, but they never received an offer. Minister Agema (Public Health) writes to the House of Representatives that she finds it “very regrettable” that this incident took place. “A great disappointment for the patients involved,” she calls it.
The cause was a faulty software update at Eurotransplant, the organization that allocates donor organs in a number of European countries, including the Netherlands. That happened in July 2024, but the error was only discovered in October. As a result, 56 patients from seven countries may have missed an offer that could have led to transplantation.

Finding suitable kidney difficult
The 12 Dutch patients belong to a group with many antibodies, which means it is difficult to find a suitable donor kidney for them. All of them have since been informed personally about the incident. Two of them have since undergone a kidney transplant anyway.
The incident at Eurotransplant was reported to the Health Care and Youth Inspectorate (IGJ). The IGJ has ruled that the measures taken by Eurotransplant to correct the error and prevent a recurrence are sufficient.

Source: https://nos.nl/artikel/2561835-patienten-lopen-donornier-mis-door-softwarefout-eurotransplant
Translated from Dutch to English with DeepL Translate

Don’t think it will not happen to your organization; think about what the impact will be when it does happen.
