Back to overview
Confidence HighDec 10, 2024jccsoftware.nl

JCC Software geeft 'klassiek' datalek pas na drie weken toe

PatternExternal actor · Error · Confidentiality impact

JCC Software, onderdeel van Conxillium, a Dutch software provider for municipalities, admitted to a data leak that exposed personal data of thousands of citizens. The breach, caused by a test server linked to the production system, led to the theft of 100,000 personal data records and 7,000 citizen service numbers (BSNs) from the municipality of Amersfoort. Municipalities Dinkelland and Tubbergen were also affected. The company reportedly delayed disclosure for three weeks.

Signal date
Dec 10, 2024
Updated
Jul 1, 2026
Confidence
High
Sources
2 sources
jccsoftware.nl logo

Jccsoftware

Sector
Information
Signals
1 linked

Signal context

First seen: Dec 10, 2024

Last updated: Jul 1, 2026

Status: Public signal

Key points

  • Data leak affecting thousands of citizens.
  • 100,000 personal data records and 7,000 BSNs stolen from Amersfoort municipality.
  • Municipalities Dinkelland and Tubbergen also impacted.

Signal analysis

Beta

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Jccsoftware logo
Jccsoftware

Sector: Information

Likely country: 🇳🇱 Netherlands

inferred from company domain

    Estimated
    Threat source
    Error activity

    Watch process controls, misconfiguration and accidental disclosure paths.

    • Source type: outside the affected organization
    Business impact
    Potential data exposure

    Impact area: Confidentiality

    Likely asset: User or customer data, Server or cloud data store

    Trend context
    14 signals with similar action pattern
    • 23 signals in the same sector
    • 88 signals with the same likely impact area
    • 1 signal linked to this organization/domain
    Mentioned entities
    JccsoftwareData DisclosureJCC SoftwareConxilliumDutchBSNsAmersfoort. Municipalities Dinkelland and TubbergenAmersfoortMunicipalities Dinkelland and Tubbergen

    External sources

    Related signals

    Grouped by why the signal is relevant.

    keewah.com logoKeewahJun 22, 2026
    Same sectorSame action patternSame impact area

    Kee Wah Bakery Hit by Ransomware Attack, Data Leak Fears Emerge

    Hong Kong's famous Kee Wah Bakery revealed on June 22, 2026, that it was hit by a ransomware attack on its internal network. The incident, which caused network malfunctions last Friday (June 19), targeted systems containing employees' personal data, as well as information related to business partners, online store customers, and mobile app members. While the company could not confirm if data was extracted, it has engaged cybersecurity experts, notified the Office of the Privacy Commissioner for Personal Data and police on Sunday (June 21), and is contacting affected parties as a precautionary measure. No customer payment or credit card information was involved.

    jeveuxaider.gouv.fr logoJeveuxaiderJun 16, 2026
    Same sectorSame action patternSame impact area

    French Government Platform Jeveuxaider.gouv.fr Suffers Data Leak Affecting 550,000 Accounts

    On June 16, 2026, the French government announced that its volunteering platform, Jeveuxaider.gouv.fr, had been a victim of a personal data leak affecting approximately 550,000 accounts.

    chipsoft.nl logoChipsoftJun 12, 2026
    Same sectorSame action patternSame impact area

    Dutch hospitals restore digital access after cyberattack on ChipSoft

    On June 12, 2026, reports indicated that Dutch hospitals were restoring digital access following a cyberattack on ChipSoft, a major healthcare software provider. The attack had previously caused patient files to become inaccessible at multiple locations, leading fifteen hospitals to preventively block all electronic patient information. This measure forced doctors to revert to paper records and oral transfers. While the incident was not a data leak in the traditional sense, it was a significant attack on the health infrastructure of the Netherlands, carried out through a single supplier serving numerous hospitals.

    aivd.nl logoAivdJul 1, 2026
    Same sectorSame impact area

    CTIVD: AIVD en MIVD verwerken persoonsgegevens in bulkdata onrechtmatig

    The Dutch intelligence services, AIVD and MIVD, have unlawfully processed personal data in bulk datasets, according to a ruling by the Committee for the Supervision of the Intelligence and Security Services (CTIVD). The report, published on July 1, 2026, states that groups of employees had unauthorized access to personal data, and large quantities of data were stored for too long. The bulk datasets, sometimes containing millions of records, include names, phone numbers, location data, social media data, and communication content, sourced from government agencies, commercially available datasets, or stolen datasets offered by criminals. The CTIVD has issued thirteen recommendations to improve the situation.

    ctc.co.jp logoCtcJun 28, 2026
    Same sectorSame impact area

    Chubu Telecommunications C., Inc. Affected by KDDI Corporation Data Breach

    Chubu Telecommunications C., Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. Chubu Telecommunications customers' email addresses and passwords may have been compromised.

    biglobe.ne.jp logoBiglobeJun 28, 2026
    Same sectorSame impact area

    BIGLOBE Inc. Affected by KDDI Corporation Data Breach

    BIGLOBE Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. BIGLOBE Inc. customers' email addresses and passwords may have been compromised.