Incident Statement @ ID-ware

Analysis completed

In collaboration with external cybersecurity experts, ID-ware has conducted an investigation into the September 17, 2022 ransomware attack on its systems. The investigation was completed on October 28, 2022, and ID-ware has informed all affected customers of the ransomware attack and has taken required measures on the results of the investigation. For confidentiality reasons, ID-ware does not provide details about individual customers.

Ransomware attack

On Sunday, September 18, 2022, ID-ware discovered that a part of its IT servers were down and customer data was no longer accessible. ID-ware was apparently the victim of a criminal ransomware attack. As a result, ID-ware took immediate action and acted in accordance with applicable laws and regulations: Within 24 hours, renowned external cybersecurity experts started an investigation to identify the rout cause of the attack and the affected data. The operational services were quickly restored, and the security of the systems was further enhanced.

Unfortunately, the investigation identified that data from some of ID-ware's customers, particularly in the Netherlands, was affected by the attack. ID-ware received a ransom demand, which it did not comply with. The company reported the incident to the Data Protection Authority and has since been in constant contact with the National Cyber Security Centre (NCSC) and as well as the police, who were also informed about the ransomware attack.

The ransomware attack was carried out by the well-known ransomware group "BlackCat" alias "ALPHV". The stolen data was published on the darkweb. The external cybersecurity experts provided ID-ware a list with the filenames of the published data. ID-ware's direct customers whose data was identified as compromised during the investigation were informed immediately.


With the advice of the external cybersecurity experts, ID-ware immediately took several additional security measures to limit any residual risk, as well as to determine the root cause of the incident to prevent a possible recurrence in the future. For example, all IT systems were deeply scanned for potential malicious software, and ISO-controlled security procedures were used in the recovery of IT systems. Furthermore, additional security measures were taken, such as 24-hour remote monitoring by the external Security Operations Center (SOC).

Impact of the attack

ID-ware deeply regrets that its own customers have been affected by this criminal act. ID-ware understands the concerns and doubts of users of its services regarding the consequences of this attack, which also affect ID-ware itself. The security of the customers is a high priority for ID-ware: the company is doing all efforts to minimize the impact for the affected customers and is in close contact with them and the relevant authorities in this regard.

About ID-ware

ID-ware develops software and provides services for access solutions used in various branches. ID-ware is mainly active in the European market. The company employs around 100 people and has almost 20 years of expertise in this market. The company has been ISO 27001 and 9001 certified for a long time.

In case of any questions, please do not hesitate to contact ID-ware at the following e-mail address. Thank you for your cooperation and understanding.