Personal data from the GGD’s two largest coronavirus systems, including addresses, telephone numbers and BSN numbers, have been illegally traded for millions of euros. Two suspects have been arrested for selling this information.
Data from the CoronIT system, including private information of Dutch people who have taken the corona test, and the HPzone Light system, which contains source and contact details, have become products in this illegal trade, reports RTL Nieuws.
The data could be misused for identity fraud, phishing and stalking. “The trade in this data is deeply shocking,” says Professor of ICT & Law Frederik Zuiderveen Borgesius of Radboud University. “There are also medical data in the systems, [so] it is extra important to protect this properly.”
Sales for 50 euros
For months, large group chats on social media platforms have been selling datasets for 30 to 50 euros. The information from a specific person, including home and email address, telephone and citizen service number, could be bought for this fee.
Large datasets containing the information of thousands of Dutch people could also be bought, costing thousands of euros. Social security numbers are especially popular, as they can be used for identity fraud.
The sellers have commented that they “eat well” and make a lot of profit from this illegal business.
Bribed GGD employees
Over 26,000 GGD employees have access to the data, and since many of them are now working from home it is easy for them to pass this data onto criminals. The Central Netherlands police, who specialise in cybercrimes, are investigating the situation and believe GGD employees are being bribed to pass this data on to criminals.
GGD authorities were unaware of the data crimes. “We are responsible for the security of our systems,” says André Rouvoet, chairman of the GGD GHOR Netherlands. “Everyone who is tested by us must be able to rely on it.”
Since the story was exposed by RTL Nieuws, the GGD has taken further steps. Random checks of employees have become regular and dozens of GGD employees have been fired. There are plans in place to upgrade security systems by March.
What do you think of this mass leak of data? Tell us in the comments below.
Feature Image: DutchReview/Canva
Is there a site or database somewhere we can see if our personal information was stolen?