Social housing tenants' data may have been stolen after IT supplier hack

The personal data of social housing tenants was possibly stolen by cyber criminals after a cyber attack on an IT supplier. Housing associations Staedion in The Hague and Eigen Haard in Amsterdam reported that data about their tenants may have been stolen at a digital breach of the company, AddComm.

AddComm is responsible for the digital messages that the associations send to their tenants. It is unknown what data was accessed or stolen. Staedion said that no passwords were able to be found. Associations reported the incident to the government's privacy regulator, the Authority of Personal Data. This is an obligation when a data leak has occurred.

Housing Association Portaal, which has properties in Utrecht, Nijmegen, Arnhem, Amersfoort, and Leiden, also reported that their tenants' personal data may have been leaked via a company that sends their digital messages. However, the association did not mention the name AddComm.

GBTwente also reported a data leak without mentioning the supplier's name. GBTwente collects levies for ten municipalities in Twente and the Achterhoek.

Pension fund PNO Media reported a data leak after an attack using malware on a supplier. The fund did not mention AddComm, but all the information corresponds to AddComm's own description.

On Thursday, regional water authority Hollands Noorderkwartier reported that data from inhabitants and companies in their area may have been stolen. AddComm sends the water board tax assessments for the Noord-Holland water authority.

AddComm systems are encrypted using malware. The attack on the company was discovered last week but had possibly been happening since the beginning of May.