Update data hostage situation at vendor

Many residents and businesses in our management area received their water tax assessment in the mail at the end of May. This also applies if you have chosen to receive the assessment in the message box. The assessment was sent on time, despite the hack at our supplier AddComm.

Due to temporary data hostage at our supplier AddComm, they were unable to send the assessment digitally. Meanwhile, services to HHNK have been safely resumed. Because of the privacy interests of the customers, arrangements have been made with the cybercriminals. On the AddComm website you can read how they acted after the hack. About the ransomware attack, AddComm posted a notice on May 22 at .  

Is data from HHNK involved in the data hostage situation? 

Data provided by HHNK of residents and businesses to AddComm has been in the hands of the cybercriminals. AddComm made a deal with the hackers and has reason to trust that that data will not be misused. Our advice: if you are not using direct debit, always check the account number you are transferring to: NL20 NWAB 0636 7586 80 (correct payments are also made to an ING account number ending in 2961. Preferably use the former account number). Or pay via my.hhnk.nl. There you will always find an up-to-date overview of your assessments.

What data has been in the hands of the criminals?

At the moment, of course, an investigation is taking place into the data hostage at Addcomm. This has already revealed that the personal data of less than 4% of the households in the area of HHNK may have been accessible. We cannot yet rule out the possibility that personal data such as name, address, place of residence, Citizen Service Number, account number and, for example, property ownership data were involved. Because many hackers are active and personal data more often fall into the hands of cyber criminals, we advise you to always be alert for misuse. Read our advice here. Or view information from the fraud help desk.

HHNK does not provide phone numbers or email addresses to AddComm, so that data cannot have been captured. Phishing via email, whatsapp or text message is therefore in any case not taking place via data provided through HHNK.  

How can I be sure my data will not be misused?

Unfortunately, we cannot give you any assurance about that. But based on information from AddComm, we now assume that the data has been cleared and cannot be misused. See their message here . Despite this, we recommend that you always be alert when making payments and especially with mail you are not expecting. Check account numbers prior to payments.

Why doesn't my tax assessment appear in My HHNK?

The hack disrupted part of the service provided by AddComm. As a result, the Water Board tax assessment can be downloaded via My HHNK somewhat later. However, you will already find the overview of outstanding assessments in My HHNK and can also pay your assessment through this secure environment. 

What does AddComm do for HHNK?

Based on data provided by HHNK via a secure portal, AddComm prepares (digital) water board tax assessments, reminders, demands and injunctions, and ensures that they are sent. AddComm also provides similar services for about sixty municipalities and commercial parties. That means that our supplier has a lot of data on a lot of private individuals and companies.

When was HHNK aware of the security incident at AddComm?

AddComm reported the security incident to HHNK on the afternoon of May 17. 

Has HHNK notified the Personal Data Authority? 

We filed a preliminary notification of a possible data breach with the Personal Data Authority on May 19. Based on new information from AddComm, the notification was supplemented on May 29.

Are HHNK's systems now also at risk?

HHNK's systems were not involved in this ransom attack at AddComm. 

Is there a financial problem for HHNK?

No