Waste‑management firm hit by cyberattack

A waste company in the Dutch region of West Brabant kept garbage trucks moving after a cyberattack, but its phone system went down and staff lost access to part of the company’s data around 3:00 a.m. on Thursday, April 9. Saver said collections and processing continued even while office systems were taken offline. (zuidwestupdate.nl) That split is the part most people miss in attacks like this: the trucks, bins, and routes are one layer, and the phones, records, and planning tools are another. Saver’s director, Pieter-Balth Linders, said “outside” operations kept going while office staff in Roosendaal were suddenly working with major systems unavailable. (bd.nl) Saver serves municipalities from Zundert to Bergen op Zoom, so a full stop would have shown up fast on the street. Instead, the visible effect was narrower: residents could not reach the company by phone, and some digital records and planning data were no longer accessible. (bd.nl) The company says it still does not know exactly what was hit, whether files were copied or encrypted, or whether personal data was exposed. Linders said Saver works partly in cloud services and partly with centrally stored data, and that investigators are still figuring out which history and files were affected. (zuidwestupdate.nl) Saver brought in Eye Security and set up a crisis team on the same day, with daily status meetings and round-the-clock response. The company also said it contacted the Dutch Data Protection Authority, which is the national privacy regulator for possible data-breach reporting. (zuidwestupdate.nl) (autoriteitpersoonsgegevens.nl) That regulator’s rule is simple in principle and messy in practice: if personal data may have been accessed, stolen, changed, or lost, the organization has to assess the risk and may need to report the breach within 72 hours. The Dutch authority also says ransomware and similar attacks require technical investigation because the damage can spread beyond the first obviously affected system. (autoriteitpersoonsgegevens.nl 1) (autoriteitpersoonsgegevens.nl 2) Saver’s own data model may limit some fallout for residents. Linders said the company generally works with postcode and house number rather than full personal profiles for household collection, while business contacts are stored in a different system. (bd.nl) (zuidwestupdate.nl) Even so, small service losses can pile up quickly in waste management because the customer-facing tools are tied to everyday routines. Saver’s website offers an online waste calendar, pickup reminders in its app, and address-based records for container empties and deposits, which shows how much of the business depends on software even when the trucks themselves still run. (saver.nl 1) (saver.nl 2) (saver.nl 3) One detail from local reporting shows how uneven these disruptions can be: household pickup continued, but pest-control scheduling data was lost. That is what resilience often looks like in real life, with the core public service still functioning while side systems, call centers, and planning tools break first. (bd.nl) Linders said Saver does not think it was singled out personally and suspects the attackers may have come in through software used by multiple companies. As of April 11, Saver had not publicly said what kind of attack it was, how long recovery would take, or whether any data had definitely been leaked. (zuidwestupdate.nl)