Schedule a Demo
Back to Resource Center

The 11 biggest cyber attacks in The Netherlands of all time

Pim de Vos Marketing Manager

The number of cyber attacks in the Netherlands are growing rapidly every year. That’s why it’s harder than ever to safely run a successful business.

To learn from earlier cases of cyber crime and hopefully prevent more future cases, we’ve put together a list of the 16 biggest cyber attacks in Dutch history.

You’ll learn that even the biggest brands like Mediamarkt, RTL and the KNVB are vulnerable to modern cyber threats.

The biggest cyber attacks in the Netherlands


In 2023, the KNVB became the victim of a ransomware attack. The infamous Russian cybercriminal organization Lockbit threatened to leak sensitive documents if the KNVB didn’t pay the ransom. And eventually, they paid it. The exact number hasn’t been made public, but sources say it is around 1 million euros.

Lockbit threatened to share up to 300 GB of data, including passports and salary information from players of Oranje. The KNVB shared that they paid the ransom, but that the information may still be leaked.

2. Gemeente Hof van Twente

“Hello, need data back? Contact us fast.” That’s the message that Hof van Twente received in December 2020. The municipality turned out to be hacked, and their services to the community were paused for months on end because of it. The cyber criminals requested a ransom of 750.000 euros, but Hof van Twente refused to pay.

Because of this, all the software systems had to be rebuilt from the ground up. This cost the municipality 4,2 million euros in damages — which adds up to about 120 euros per resident.

The hackers were able to get into the one of the servers because the password turned out to be ‘Welkom2020’. Aside from that, more elementary precautions had not been taken by the municipality.

3. Universiteit Maastricht

Back in 2019, the University of Maastricht paid a ransom of 200.000 after being hit by a cyber attack. The ransomware shut down the university’s software systems for months. At that point, the university stated they saw no other way out than to simply pay the ransom.

After research done by Fox-IT, it became clear that the data leak was caused by a phishing attack. Somebody in the organization of the university had clicked a phishing link that looked like ‘the real deal’.

Once the cyber criminals were in, they also profited of multiple security updates not being done by the university. After a while, they had taken hostage of the entire network. The bad actors shut off the anti-virus software and shut down the systems.

The back-ups were also connected to the network so that the bad actors could also encrypt those.

This is one of the few stories about data leaks that actually has a somewhat positive ending. In 2022, the authorities found a part of the ransom that had been paid in crypto currency. Since the bitcoin had increased in value, they actually made a big profit when they got it back. The 200.000 euros they paid was now valued at 500.000.

4. VDL

VDL Groep, a big concern with 105 companies spread across Europe, America and Asia, was hit by a ransomware attack in 2021. All 105 companies were hit by the attack. This put a lot of their factories out of production and prevented them to communicate via email. It’s not clear how much ransom was asked by the cyber criminals.

In 2021, VDL Groep employed over 15.000 people worldwide and in 2020 they made 4,7 billion euros in revenue.

5. Van der Helm Logistics

Richard van der Helm, CEO of Van der Helm Logistics, always claimed to never pay criminals. That was until he found out that the computer systems of his logistics company had been hacked. The systems were completely shut down and the bad actors requested a ransom. Two days later, he paid the ransom.

After a security company told him that all the systems had to be revived and rebuilt, he knew it would take him weeks. This meant that contractual obligations wouldn’t be met and the company would go bankrupt in no time.

Van der Helm used an outdated VPN and didn’t use detection software. The bad actors had been trying countless variations of passwords. This activity would have been noticed with detection in place.

6. Gemeente Alkmaar

The municipality of Alkmaar also fell victim to a cyber criminal. Somebody who posed as the CEO of another organization sent an invoice of 236.000, which was paid under pressure of the fake CEO. This form of identity fraud is something we are seeing more often in the past couple of years.

Earlier, in 2020, Alkmaar had already been a victim of cyber crime when an employee clicked a phishing link. This lead to the data of thousands of residents to be public for a short period.

Both incidents are clear examples of why security awareness training is crucial.

7. De Mandemakers Groep

Back in 2021, the Mandemakers Groep was hit by a ransomware attack. The attack caused all computer systems to be shut down completely. The company didn’t want to share too many details about the attacker or the height of the ransom, but shared it was a “considerable amount”. In most cases, especially in 2021, attackers ask for huge amounts in bitcoin or other crypto currency.

8. RTL

Another striking example of a cyber attack was when RTL got hit by ransomware. The ransom of 8500 euros wasn’t high, which is interesting since RTL is such a well-known brand.

In this case, the attackers got access to RTL’s network because the login details of an employee from an external IT company were captured. This company was responsible for RTL’s network. There was no two-factor authentication in place, so the attackers could easily access the network.

The bad actors used the ransomware CryTOX to encrypt files on a couple of computers. On the screen a message was shown with the request to pay a ransom. A couple of important internal systems, such as the editorial system and the advertising planning system, were also shut down.

9. Mediamarkt

Back in 2021, Mediamarkt was hit by a ransomware attack. This paused their entire online business for weeks, forcing the company to only sell products that were available in-store. The attack hit a lot of Mediamarkt’s Windows systems, including 49 stores throughout the Netherlands.

The organization behind this attack is called Hive. This group is known to usually ask for millions of ransom in bitcoin. When Mediamarkt started a chat with the group, they replied as nicely as an average customer service agent would. “Hi, welcome to Hive. How can I help you today?” And after four hours of no reply, their second message is: “To make your files accessible again, you will need to pay 50 million dollars in bitcoin.”

Mediamarkt decides not to pay this ransom and the negotiations take a long time. In the end, they don’t pay at all.

10. Colloseum Dental Benelux

Colloseum Dental Benelux, an organization with 120 dental practices throughout the Netherlands, were forced to close for a short period when they were hit by a cyber attack. The organization treats over 600.000 patients per year.

All the practices were hit by a ransomware attack. Because of this, dentists couldn’t access the files of their patients, which made it impossible for them to do any treatments. The back-ups weren’t accessible.

The ransom that was asked has been paid by the dental company. “This was the only way for us to minimize the short term risk for everybody involved.” The exact amount of the ransom hasn’t been communicated.

11. ID-Ware

In 2022, the IT company ID-Ware got hacked. ID-Ware was responsible for the personal data of 3500 government officials, amongst other businesses. ID-Ware discovered that hackers had tried to infiltrate their systems. With ransomware, the bad actors encrypted sensitive data.

ID-Ware quickly recovered all data, but security specialists found that a large number of files had been made public.

According to De Volksrant, the organization ALPHV/BlackCat is responsible for the attack. They published a lot of information on the dark web.

Your organization just may be the next target

Many people think that these cyber attacks are only targeted at big organizations. But more SMB companies are hit by cyber attacks than ever.

These situations are often entirely preventable. 95% of all hacks and data leaks are caused by human error, such as a weak password or not updating systems.

Hackers are getting more aggressive, and your employees need to get much wiser about current cyber threats and data protection.

Guardey’s security awareness game is designed to train security awareness and establish lasting behavior change.

Don’t let cyber criminals outsmart you. Try Guardey for free.

Anouk CTA Guardey website

Experience Guardey today.

  • Try completely risk free
  • 24/7 support
Start 14-day free trial