The personal details and data of potentially thousands of Dutch citizens who took part in their country’s Covid-19 track-and-trace system has been leaked, health officials confirmed on Friday.
The Dutch health services (GGD) and police confirmed that the coronavirus data was stolen in two separate leaks – one targeting a small group of prominent people, while the other concerned the personal details of an as-yet-unknown number of residents. But GGD said thousands could be affected by the data leak, and any staff who were involved in any intentional wrongdoing will be fired.
Dutch police arrested two GGD call-center employees earlier this week “on suspicion of computer trespassing” as part of their investigation.
The Dutch privacy commission Autoriteit Persoonsgegevens has reportedly been swamped with calls from people worried about their personal information being stolen in the leaks and offered for sale online.
On Friday, the GGD confirmed the leaks were from its Covid-19 track-and-trace system, and not from a related tracking app used via smartphones.
GGD staff who were responsible for scheduling appointments and forwarding negative test results could also access data including birthdays, addresses, social security numbers as well as medical notes and telephone numbers. The information was informally shared on WhatsApp groups when staff needed help from one another.
“If people who mean ill intentionally take data out of a system, that’s almost impossible to stop,” the GGD said. “People who have crossed the line will be fired, simply, and weak spots in our security will be identified and strengthened.”
News of the data leaks come as the country sees a growing pushback against coronavirus restrictions, with a series of protests and riots breaking out in Dutch cities over the past week against the night-time curfew.
Think your friends would be interested? Share this story!