News - 19.06.2025
Information regarding cyberattack on VR’s hosting provider
VR received information about a cyberattack by a cybercrime group on Wise’s systems at the end of last year. Wise provides VR with IT and hosting services (see here for a news article on VR’s website).
Wise has now completed its analysis of the consequences of the attack as it pertains to VR. Wise hosts personally identifiable data from VR, primarily relating to bank transactions between VR and members, and payments from VR funds, and it there is a possibility that such personally identifiable VR data was copied during the attack. It is clear that the attacker had access to the data but Wise hasn‘t been able to confirm whether or not the data was copied. These data include, among other things, the bank account numbers of VR members, paid invoices, as well as information on transactions from the VR Holiday Fund and the VR Sick Pay Fund.
- Information from the VR Sick Pay Fund relates to sickness per diem payments, death benefits, and grants.
- Information from the Holiday Fund relates to payments by VR members for bookings made in VR’s holiday system.
Health-related information about VR members is generally not hosted by Wise, neither medical certificates from VR members nor notes accompanying sickness per diem payments. An exception to this is when grants are paid, as explanations for grant payments can include IVF treatment or travel expenses.
