Almost all citizens of city of Eindhoven have their personal data exposed
p
May 24 2024
ppA data breach involving the Dutch city of Eindhoven left the personal information related to almost all of its citizens exposedppAs Eindhovens Dagblad reports two files containing the personal data of 221511 inhabitants of Eindhoven were accessible to unauthorised parties for a period of time last yearppEveryone who lives in the Netherlands has a citizen service number known as a burgerservicenummer or BSN a unique registration number that is used when dealing with the Dutch government and official bodies It is effectively a social security number which is used as an identifier when paying taxes receiving social security and healthcareppAs such it is clearly not the kind of information that you would like to fall into the hands of unauthorised parties such as identity thievesppIf a data breach occurs in the Netherlands the Dutch data protection authority should be notified within 72 hours and victims informed as soon as possible However in this breachs case it appears that did not happenppA spokesperson for the municipality of Eindhoven claimed that very quick action was taken after the discovery of the breach and that affected residents were not informed of the breach because the risk of identity theft had been rated as unlikelyppUltimately details of the data breach only became public in recent days many months after the breach occurredppThe municipality has emphasised that the data leak had been internal and that the sensitive information has not been accessible to outsidersppAlthough its good news if the data leak did not spill out to the outside world what isnt clear from the report is just how many internal employees at the municipality were able to access the sensitive data without authorisationppFurthermore it is not apparent what investigations might have taken place to explore what internal staff may have done with the breached data to which they had accessppSince last year the municipality of Eindhoven has been the subject of stricter supervision by the Dutch data protection authority concerned that personal data has not been handled with enough care following some 200 other breaches of varying size and severityppData breaches can have serious consequences for both municipalities and the individuals whose data is compromised It is essential that municipalities take care to ensure that personal information is not unwittingly exposed and that steps are taken to protect systems and data from unauthorised accessppUnlike with companies members of the public have no choice but to entrust their personal information with municipalities in order to access essential services Data breaches of public bodies violate this trust and expose sensitive information that could be used for malicious purposes by criminalspptagsppGraham Cluley is an awardwinning security blogger researcher and public speaker He has been working in the computer security industry since the early 1990spp
June 07 2024
pp
June 03 2024
pp
May 31 2024
pp
April 19 2024
pp
June 21 2024
pp
April 17 2024
pp
March 06 2024
p
May 24 2024
ppA data breach involving the Dutch city of Eindhoven left the personal information related to almost all of its citizens exposedppAs Eindhovens Dagblad reports two files containing the personal data of 221511 inhabitants of Eindhoven were accessible to unauthorised parties for a period of time last yearppEveryone who lives in the Netherlands has a citizen service number known as a burgerservicenummer or BSN a unique registration number that is used when dealing with the Dutch government and official bodies It is effectively a social security number which is used as an identifier when paying taxes receiving social security and healthcareppAs such it is clearly not the kind of information that you would like to fall into the hands of unauthorised parties such as identity thievesppIf a data breach occurs in the Netherlands the Dutch data protection authority should be notified within 72 hours and victims informed as soon as possible However in this breachs case it appears that did not happenppA spokesperson for the municipality of Eindhoven claimed that very quick action was taken after the discovery of the breach and that affected residents were not informed of the breach because the risk of identity theft had been rated as unlikelyppUltimately details of the data breach only became public in recent days many months after the breach occurredppThe municipality has emphasised that the data leak had been internal and that the sensitive information has not been accessible to outsidersppAlthough its good news if the data leak did not spill out to the outside world what isnt clear from the report is just how many internal employees at the municipality were able to access the sensitive data without authorisationppFurthermore it is not apparent what investigations might have taken place to explore what internal staff may have done with the breached data to which they had accessppSince last year the municipality of Eindhoven has been the subject of stricter supervision by the Dutch data protection authority concerned that personal data has not been handled with enough care following some 200 other breaches of varying size and severityppData breaches can have serious consequences for both municipalities and the individuals whose data is compromised It is essential that municipalities take care to ensure that personal information is not unwittingly exposed and that steps are taken to protect systems and data from unauthorised accessppUnlike with companies members of the public have no choice but to entrust their personal information with municipalities in order to access essential services Data breaches of public bodies violate this trust and expose sensitive information that could be used for malicious purposes by criminalspptagsppGraham Cluley is an awardwinning security blogger researcher and public speaker He has been working in the computer security industry since the early 1990spp
June 07 2024
pp
June 03 2024
pp
May 31 2024
pp
April 19 2024
pp
June 21 2024
pp
April 17 2024
pp
March 06 2024
p
