It was revealed today through journalistic investigation that there were vulnerabilities in the Webex software used by the Rijksoverheid for video meetings. These vulnerabilities led to the discovery of so-called metadata from Webex meetings of various government ministers.
As far as is known now, it appears to be metadata, which is: information about the host name (personal name), the meeting ID, the title, and the start and end date of the Webex meeting. The vulnerabilities found have since been fixed by software company Cisco.
The German news medium Die Zeit uncovered the situation. Die Zeit's source was able to listen in on some online meetings in Germany. Whether this happened in the Netherlands cannot be ruled out at this time, but does not seem likely. This is still being investigated.
Administrators and officials must be able to assume at all times that they can consult safely. The Ministry of the Interior and Kingdom Relations (BZK) therefore takes this very seriously and is investigating how this could have happened. BZK has asked Cisco, the company behind the Webex system, for clarification and summoned them to the ministry at short notice. In addition, a report has been made to the Autoriteit Persoonsgegevens and the people we know that data was visible to third parties have been informed. As far as we have now been able to ascertain, this involves metadata from consultations by Ministers Harbers (IenW), Helder (VWS), De Jonge (BZK), Weerwind and Yesilgöz (JenV) and State Secretary Van Huffelen (BZK).
Because the vulnerability in the system has since been fixed, this incident does not affect the Rijksoverheid's use of Webex at this time. We do, however, continue to monitor this closely. The Rijksoverheid does not use Webex for consultations about confidential and other extremely sensitive information.
