Fake travel tests: major data breach at a coronavirus testing company

A major data breach at Testcoronanu, a coronavirus testing company, made it possible to get fake travel certificates and admission tickets in the CoronaCheck app — without even taking a test.

But by adding just two lines of code in their web browsers, people could fill in their details, enter what kind of test they wanted, when they took it, and what the result was, reports RTL Nieuws. It was also possible to manipulate the test results or testing dates of others — for example, by marking a negative test as positive.

Experts say these kind of fake test results are not only a danger to public health — but can also have a detrimental impact on the public’s confidence in the CoronaCheck app.

Data of 60,000 people leaked

As if that wasn’t enough, the leak gave access to the private data of over 60,000 individuals. This included not only names and email addresses but also phone numbers, residential addresses, BSNs, passport numbers, and medical information, such as whether an individual has tested positive in the past. 

“Testcoronanu.nl manages your personal data with the greatest care,” reads the company website, a laughable message in the wake of the scandal.

“This data breach is very shocking,” tells Frederik Zuiderveen Borgesius, professor of ICT & Law at Radboud University, tells RTL Nieuws. 

“It doesn’t get much more sensitive than this. This is exactly what medical privacy is for: that people dare to get tested because they trust that their data is safe,” he adds.

Official testing partner

Testcoronanu was not only recommended by the government as one of the affiliated travel test providers, but also received subsidies to operate.

The company has 10 testing locations in the Netherlands and three in Belgium, all of which have been closed since Sunday. 

The Ministry of Health, Welfare and Sport is now investigating how the company was accepted as an official testing partner.

Very serious breach

The Dutch Data Protection Authority classifies this breach as very serious. Testcoronanu may only start testing and processing data again if “security and reliability are guaranteed.”

The Ministry of Health, Welfare and Sport says that there are no indications that anyone else except the RTL Nieuws journalists had access to the database.

How do you feel about this data breach? Tell us in the comments below!

Feature Image: Gaudilab/Depositphotos

Jana Vondráčková 🇨🇿
Jana Vondráčková 🇨🇿
Originally from the Czech Republic, Jana moved to the Netherlands for her studies. Seven years in the flattest country in Europe has brought her a Masters in Environmental Management, experience in content creation, projects, partnership coordination, and about 20 ideas on how to deal with Dutch winter blues (most of which didn’t work). Her love for the local cycling culture is undying — but she finally knows better than to hop on a bike in a typical Dutch downpour.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Latest posts

Here are our favourite gift ideas for Christmas in the Netherlands in 2024

Are you on the hunt for the best Dutch Christmas presents to give to your nearest and dearest? We’ve sourced the merriest bits and...

8 things you need for travelling around the Netherlands

A well-connected public transportation system, the locals’ ability to speak excellent English, and the Netherlands’ modest size all make it one of the easiest...

These 17 changes are hitting Dutch wallets in 2025

Hoera! The new year is approaching quickly — and with it come higher costs and income adjustments. 😬 As the AD writes, new financial changes...

It's happening