At least 2 million Dutch customer records appear to have been involved in a massive Dutch data breach. In addition to NS and VodafoneZiggo, three more companies were affected: customer data from Dutch Golf Association, ArboNed and shipping company Trevvel were apparently also leaked.
The Dutch data protection agency has not yet been able to draw a general picture. The supervisory authority initiates an investigation. It is also possible for individuals to appear more than once in the data.
It was clear beforehand that NS and VodafoneZiggo, as well as health insurance CZ and Friends of Amstel Live, were also affected. It turned out that the Dutch employment agency and housing association Stadgenoot was also defrauded.
Several market researchers have confirmed that they are victims of NOS. When asked why, everyone talks about Nebu, a software provider owned by a Canadian company. NOS contacted the company today by phone and email, but has yet to receive a response.
The market researcher most associated with a data breach so far is Blauw Research. This company conducts customer satisfaction research. Senior man Jos Vink van Blauw told NOS that his company still does not know what data was stolen.
Digital security chain
If a company wants to know what its customers think about services, it can consult a market researcher. He enters his questions and personal data into Nebu. “This whole incident shows how important it is to secure the entire digital chain,” said Dave Maasland, CEO of security company ESET Netherlands. “You can see that a weak link in a supplier can have far-reaching consequences.”
Market researcher Topmann Vink of Blauw says that basically only the name and email address of a person is stored, but also information about where the person is a customer and whether it is a business or private customer. According to him, the surveys are short and contain very little personal information. It is unclear how this applies to other market participants.
The Blauw CEO said his company was first told something was wrong about three weeks ago. This was the weekend of 9/11, there was talk of a malfunction and a restoration of service. The following Tuesday, it turned out to be a digital attack. This was reported by email late Dutch time and read by a Vink employee the next day.
“Then all alarm bells rang and we tried to contact the company via email and phone,” he says. “We wanted to know how long the hackers have been in and if data has been stolen. They did not cooperate in any way.”
According to Vink, customers and the Dutch Data Protection Authority were notified on March 16. A day later, a law firm was called in to increase the pressure on software provider Nebu. The Dutch Cyber Security Center and its Canadian counterpart were also informed on the same days.
summary decision
Blauw then decided to take immediate action with the other five officials to compel Nebu to reveal more information. Last weekend and Monday, Nebu actually shared more data. Blauw does not yet know what data was stolen. A hearing will be held next Tuesday. Mavi CEO cannot say what other institutions are involved in this case.
Market researcher USP also reported impact to NOS. This company has a maximum of 350,000 and a maximum of 150,000 customers abroad. Mobile Central Market Research also confirms that it was affected by the data leak, but does not want to give any figures. This is about names, address data and sometimes phone numbers.
cyber crime
Maasland of security firm ESET suspects this to be a fraudulent cybercrime. “Above all, you need a reliable way to get into a place. You have to get your victim to click something.”
When someone completes a customer satisfaction survey and then receives an email with a thank you coupon – “just click the link below” – it can be very tempting.
“With this type of data, you can be convincingly enlightened on a large scale,” says Maasland, “who, above all else, recommends paying attention to emails that require immediate action to secure accounts with a good password and two-step verification.
Source: NOS
Jason Jack is an experienced technology journalist and author at The Nation View. With a background in computer science and engineering, he has a deep understanding of the latest technology trends and developments. He writes about a wide range of technology topics, including artificial intelligence, machine learning, software development, and cybersecurity.