Back to Blog
high severity June 02, 2026 · scope unconfirmed

katholiekamersfoort.nl Listed by stormous Ransomware Group

The church website's network (katholiekamersfoort.nl/) has been breached, resulting in the exfiltration of over 10 GB of data. This data pertains to donors, staff, and the personal information of a large number of individuals. The compromised data includes: Databases and Personally Identifiable Information (PII), internal network shares and document, contact lists, board and committee data, as well as system metadata.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 02, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 2, 2026, the Dutch church network katholiekamersfoort.nl appeared on the leak site of the Stormous ransomware group after more than 10 GB of internal data was exfiltrated. The compromised information includes databases containing personally identifiable information of donors, staff, and a large number of individuals, along with contact lists, board and committee records, internal network shares, documents, and system metadata. Anyone connected to the church — whether as a donor, employee, volunteer, or family member — may now have their personal details exposed.

Confirmed Facts from Public Reporting

Public reporting indicates the breach involved the exfiltration of internal files rather than a simple website defacement. The data set includes databases and PII, contact lists, board and committee data, and documents from internal network shares. No exact victim count has been published, but the church serves a sizable community in Amersfoort, Netherlands. The incident follows the typical ransomware pattern of data theft followed by public shaming on a leak site when demands are not met.

Why This Matters for You and Your Family

When a local institution like a church is breached, the impact reaches far beyond the organization. Your name, address, phone number, email, donation history, or family connections may now sit in a publicly accessible archive. That information can be combined with other leaks to build a detailed profile. For families, this often means children’s names or school-related records appear alongside parental contact details, increasing the chance of targeted scams, identity theft, or unwanted solicitations. Once data leaves secure systems, it cannot be retrieved, which is why prompt personal action is required.

The Doxxing and Identity-Chain Implications

Exposed church records frequently contain linked details — an email tied to a phone number, a donor address matching a family home, or committee notes listing spouses and children. Attackers and opportunistic criminals chain these fragments across multiple breaches. A seemingly harmless church contact list can anchor a larger profile that also pulls in gaming usernames, social-media handles, or reused passwords. This is exactly why credential leaks like this one cascade into account takeovers and doxxing chains, especially for families whose children use the same email addresses for both church activities and online gaming accounts.

Stormous Group’s Publicly Known Track Record

Public reporting attributes the attack to the Stormous ransomware group. The group emerged in 2021 and has targeted organizations across multiple countries with a playbook that combines initial access through common vulnerabilities or phishing, rapid exfiltration of internal shares and databases, and extortion via dual pressure: threats to publish sensitive data and demands for payment to prevent release. Notable prior victims include healthcare providers, educational institutions, and smaller government entities. Stormous typically posts samples and deadlines on its leak site before releasing full archives, a pattern consistent with the katholiekamersfoort.nl listing.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity so you can see exactly what chains back to the church breach.
  • Rotate any password you used at katholiekamersfoort.nl or related church services anywhere it has been reused, and switch on 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information surfaces you learn within hours instead of months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same addresses and emails.
  • Let remediation specialists handle takedown requests across data brokers and exposed repositories while you focus on securing your own accounts.

The church breach is a reminder that even community institutions entrusted with family information can become gateways for larger identity compromises. Taking concrete steps now limits how far attackers can travel down the chain. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to understand your exposure and begin closing the gaps.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.