Netherlands Government reports data breach of 18,000 people personal data Stolen


Due to a malfunctioning script, the personal data of 18,000 people integrating has been leaked, Minister Van Engelshoven of Education has announced. Immigrants can submit a request to ask what their foreign diploma in the Netherlands is worth. The current supplier of this digital application system is a Dutch company with a branch in Serbia, where the testers and developers work.


With this supplier, the government body Nuffic has concluded a processing agreement with the obligation that personal data are anonymised, because no personal data may be processed outside the European Union. The current supplier used a script to anonymize personal data before it entered the test environment. Now this script appears to have not worked properly.


At the company, some sixty testers and developers had access to the relevant data. "All these employees have signed a statement that they will not disclose their work data. As indicated above, there are currently no indications that anything has happened to the personal data, but we cannot rule it out," said Van Engelshoven.


The new supplier of the credential evaluation system discovered last month during the transfer of the test database that it contained personal data. This concerns all personal data of credential evaluation for integrators since the start of the application on 1 February 2017. It concerns about 18,000 people. The personal data has been in the test environment since 11 August 2020.


Nuffic has reported the data breach to the Dutch Data Protection Authority and DUO's data breach reporting center. The current supplier has removed the personal data from the test environment. The new supplier has also deleted the received test files, including from the backups. All victims were informed yesterday, the minister said.


It is now being investigated why anonymisation went wrong and that it can be ruled out as much as possible that misuse of the data has been made. "Nuffic has made agreements with the new supplier of the credential evaluation system to ensure that this cannot happen again", Van Engelshoven concludes.

Previous Post Next Post