What happened?
On December 13, 2023, Limburg.net, a waste intermunicipal company, was hit by a serious cyber attack in which hackers gained access to personal data of 292,734 customers. The stolen data included national register numbers and bank account numbers. Remarkably, old national registers from 2014 and 2015 were affected, but new data from 2016 was also compromised, mainly of Bilzen residents.
How did it happen?
The attack was carried out by an unnamed hacker group that managed to penetrate outdated servers. These outdated servers contained data that proved vulnerable to theft. It involved data from individuals who had registered with Limburg.net years ago for waste management. Despite the access to sensitive data, such as national register numbers and bank details, no direct ransom was demanded by the criminals.
What was the impact for the company?
The cyber attack affected nearly 300,000 residents of Limburg and Diest, 11,332 of whom were specifically affected in Bilzen. Although there were no operational disruptions in waste collection, the data theft caused great concern among the affected citizens. Limburg.net had to inform them personally and work to restore trust. The company stressed that it was careful to analyze the stolen data in collaboration with various security experts.
How could this have been prevented?
The attack highlights the importance of regular data audits and timely cleansing of outdated data to minimize potential security risks. In addition, implementing stronger encryption and up-to-date security protocols could have prevented the legacy systems from being vulnerable to access. Limburg.net continues to cooperate with the relevant authorities and is now more focused on further strengthening its cyber security.
This case shows that even relatively simple systems for waste management, for example, can be vulnerable if robust security measures are not taken. Organizations need to be aware of the risks of outdated data and systems.