Between Jan. 1 and April 30, there were 165 data breaches at the Uitvoeringsinstituut Werknemersverzekeringen (UWV). At the Sociale Verzekeringsbank (SVB), there were 319. That is more than 100 data leaks per month at both organizations combined.
Social Affairs Minister Koolmees recently wrote this in a letter to the House of Representatives. Generally these were data leaks in which the data of one person were leaked. Three cases involved large numbers of personal data.
In one of these extensive data breaches, 117,000 resumes were downloaded through an employer account. The UWV subsequently reset all employer passwords and tightened controls. Furthermore, the UWV is taking measures to detect suspicious behavior more quickly. The organization is also investigating whether the number of downloads can be limited.
A second case involved the loss of an external hard drive containing data on 114,000 people. All data were encrypted, according to Koolmees. The employee involved would not have followed proper UWV procedures regarding mobile data carriers. The UWV will now reduce the use of data carriers. The presence of personal data in files and datasets will also be further restricted where possible.
The third large-scale data breach was caused by an email error. A UWV employee sent an invitation to 99 people that accidentally included an attachment with the personal data of 586 people. According to Koolmees, it goes against UWV policy to communicate directly with clients via e-mail. Also, the so-called four-eye principle would not have been used.
This news item can also be found in the Data Breach file
