On Tuesday, September 5, 2023, Thermae 2000 fell victim to an advanced ransomware attack.On this page you can find answers on frequently asked questions.

  • On Tuesday, September 5, 2023, Thermae 2000 fell victim to an advanced ransomware attack. In response, we immediately shut down our IT systems and had our recovery files (backups) reviewed by cybersecurity experts. These files were then restored to new computers in phases with additional security measures. We are currently fortunately almost fully operational again.

  • Ransomware is malware that encrypts users' data files, with the aim of later decrypting them in exchange for a ransom. In extreme cases, the ransomware blocks access to the IT system by also encrypting system files that are essential for the proper functioning of the system. Given the destructive nature of ransomware attacks, it is often difficult to recover log files and find out what actually happened. Hackers may have stolen intellectual property or personal data, using ransomware to hide their real intentions.

  • At this time it is not yet clear what data the attackers had access to. Therefore, we cannot rule out the possibility that your personal data may have been accessible. We have therefore reported this incident to the Personal Data Authority and contacted the police.

  • An overview of which data we store for which purpose can be found in our privacy statement.

  • No, the medical data of Fysio Thermae's patients is in fact processed in a separate digital environment. This medical data was not reached during the ransomware attack.

  • No, there are no security cameras in places where our guests are naked or in swimwear.

  • At this time, it is not clear what data the attackers have accessed. Therefore, we do not know what the destination of this data will be.

  • Credit card payments go through credit card companies. Credit card details are therefore not in our possession.

  • We immediately shut down our IT systems after the breach and had our recovery files (backups) checked by cybersecurity experts. These files were then restored to new computers in phases with additional security measures, in order to once again ensure the security of your data.

  • It is advisable at all times to change your passwords regularly. Also in this case, we recommend changing the password of your Thermae 2000 account (if applicable).

  • To do so, please send an e-mail to privacy@thermae.nl

  • We advise you to send an e-mail to reserveringen@thermae.nl with the name, address and telephone number on which you made the booking. We will then contact you as soon as possible.

  • If your question is not answered here, please contact us via privacy@thermae.nl. We aim to deal with your query within 8 working days.

  • No, this e-mail is not spam, but sent from our mailing platform Spotler. These links are reliable and point safely to the Thermae 2000 website.