By Vincent Huysmans – Data Protection Expert
Cybercriminals have targeted some of Belgium’s largest organizations, causing major financial losses, data leaks, and operational disruptions. From a government crippled by ransomware to a brewery held hostage, these cases highlight the real risks of cyberattacks. Here are 6 of the biggest data breaches in Belgium’s history, how they happened, and who was behind them.
The key takeaways:
- Data breaches are real and becoming increasingly frequent
- Cybercriminals don’t just target multinationals. Medium-sized companies are also at risk
- Human errors play a significant role in breaches, making it impossible to rely solely on technical defenses
- Proactive security measures are essential to minimizing the damage of a potential breach
1. Duvel Moortgat Brewery – Ransomware Attack
In March 2024, Belgian brewery giant Duvel Moortgat suffered not one but two consecutive ransomware attacks. First, the Stormous ransomware group infiltrated the company’s network, stealing 88GB of sensitive business data and demanding a ransom. Before Duvel could recover, a second attack by Black Basta hit, encrypting systems and leaking 1TB of financial records, employee passports, and confidential operational data.
The attack forced Duvel to halt beer production in both Belgium and the U.S., disrupting supply chains and causing financial strain. The leak also exposed internal contracts, payroll records, and critical operational documents, putting employees and business partners at risk. This incident demonstrated the devastating impact of back-to-back ransomware attacks and the importance of having multiple layers of cybersecurity protection.
Source: brauwelt.com
2. WhatsApp – Data Leak
In early 2024, a massive WhatsApp data leak affected 3.2 million Belgian users, exposing phone numbers, account metadata, and other sensitive details on the dark web. Hackers exploited security flaws in WhatsApp’s API, extracting user data that was later sold to cybercriminals.
Although chat messages remained encrypted, the leak left millions of users vulnerable to phishing attacks, spam, and fraud attempts. WhatsApp did not confirm the exact source of the breach, but cybercriminals often use scraping techniques and data aggregation to compile user information. This incident underscored the importance of stronger API security and educating users on phishing threats.
Source: The Brussels Time
3. The City of Antwerp – Ransomware Attack
In December 2022, the City of Antwerp became the target of a massive ransomware attack. Hackers breached the city’s IT systems, encrypting files and locking municipal workers out of key services. The attack severely disrupted daily operations, with citizens unable to access ID cards, permits, or library services. The hackers also stole 557GB of sensitive data, including financial documents and personal records.
The PLAY ransomware group was behind the attack, known for targeting government institutions worldwide. Antwerp refused to pay the ransom, opting to restore its systems manually—a process that took weeks. This attack highlighted the vulnerability of public institutions and the crippling effects of ransomware on essential services.
Source: The Brussels Time, vrtnws
4. Belgian Intelligence – Email Breach
Between 2021 and 2023, Belgium’s State Security Service (VSSE) suffered a severe cyber-espionage breach. Hackers exploited vulnerabilities in an email security product, allowing them to intercept around 10% of all classified communications between intelligence agencies.
This breach raised national data protection concerns, as it potentially exposed highly sensitive intelligence exchanges. Investigators traced the attack back to a Chinese state-sponsored hacking group, suspected of spying on European governments. The breach forced Belgium to overhaul its government cybersecurity policies, reinforcing encryption protocols and investing in more secure email communication systems.
Source: Reuters
5. Bpost – Data Breach
In 2020, Belgian postal service Bpost fell victim to a data breach that exposed customer tracking and shipping information. Attackers exploited security flaws in Bpost’s tracking system, gaining access to sensitive delivery data and exposing thousands of shipments to potential theft and fraud.
Although financial details were not compromised, the breach damaged Bpost’s reputation and raised concerns about the data protection of public services handling customer data. To this day, it remains unclear who was behind the attack, but cybercriminals often target logistics companies for fraud, package rerouting, or phishing scams. This breach highlighted the risks of weak API security and the importance of encrypting customer data in online tracking systems.
Source: DataGuidance, vrtnws
Cost of a data breach by country or region (in million USD)
6. Belgacom – Cyber espionage
In 2013, Belgium’s largest telecom provider, Belgacom (now Proximus), discovered that its core network infrastructure had been compromised by a long-running cyber-espionage operation. Investigations revealed that the attackers had installed spyware deep within Belgacom’s systems, allowing them to monitor European communications for years without detection.
The breach was later linked to GCHQ (British Intelligence), as part of a secret operation called “Operation Socialist.” This attack was not about financial gain but rather state-sponsored surveillance, raising major concerns about government espionage. The breach severely damaged customer trust and forced Belgacom to spend millions upgrading its security infrastructure to prevent future infiltrations.
Source: The Guardian, vrtnws
Conclusion
These six cyberattacks prove that no company is truly safe. Technical defenses alone will never be enough, because hackers don’t just attack systems—they exploit people through phishing, social engineering, and weak credentials.
No firewall or antivirus can protect you from a stolen password. But you can make stolen data worthless to hackers by:
- Encrypting your data, not only “sensitive data” – Even if stolen, it remains unreadable.
- Ensuring proper backups – So ransomware doesn’t hold you hostage.
- Implementing strict access controls – Limiting exposure when an attack happens.
- Prioritizing data privacy – Reducing the risk of breaches by minimizing data collection, properly handling personal information, and complying with regulations like GDPR
Cybercrime is evolving—is your data protection strategy ready?