Today our hoster I3D informed us that the Dutch authorities have seized two servers from our location in Rotterdam. Currently we have no further information since the responsible law enforcement agency did not get in touch with us directly, we were merely informed by our hoster.
Since we are not logging any data there is currently no reason to believe that any user data was compromised.
I3D is kindly providing us with replacement servers (many thanks to them!) so that we can continue to operate our Rotterdam with all three servers soon.
UPDATE (Sept. 22nd 2016): I3D has informed us that the servers have been returned and we are allowed to share some more details about the seizure. The Dutch authorities told I3D that the primary reason for taking the servers was because of the size of the hard disk and “they did not want to wait in the cold corridor of the data center while the multiple 1TB drives were being copied for many many hours”. The original reason for the seizure remains unknown to us, but obligation to confidentiality is the norm in such cases. The dutch authorities did not communicate with us but only I3D, so the confidentiality obligation also applies to them towards us.
I3D further explained: “The seizure itself was nothing fancy, simply pulling out the power, and then we de-racked the servers for them. As we delivered the two replacement servers already, on the old IPs, the two returned servers were put back into the stock, with the discs removed and put into our wipe queue to ensue no customer data will remain on the discs.” Additionally, the Dutch authorities also confirmed that “the type of service [we] offer is in their opinion allowed”.
We can now conclude that no customer information was compromised due to the seizure. The Rotterdam location will continue to operate using the replacement servers.