Due to a leak in the ForumApp, the entire membership records are on the street. The personal data of 92,901 members and former members were therefore visible to everyone. The leak has been closed and the party has taken measures to prevent it from happening again in the future.
This is according to research by RTL News. The news channel received an anonymous tip and verified the leaked data (1).
Last weekend, Forum for Democracy's party congress took place. There, party leader Thierry Baudet launched the ForumApp, an application that allows FvD members to connect with each other to build their own network. In the future, the app will have additional features, such as a chat function and the ability to date other FvD members.
However, the app turned out to be flawed. The app was connected to the back-end of Forum for Democracy's website. Once logged in, it appeared possible to retrieve data from other members. The app did not check whether you had the correct permission to do so. So anyone who was logged in could automatically consult and download the personal data of others.
The leak allowed access to first and last names, home addresses, dates of birth, e-mail addresses, phone numbers, location information and bank account numbers of the entire membership records. It was also possible to see how long someone had been a member of the party and how much dues they had paid.
RTL News took the test and managed to retrieve data of party leader Baudet and Lower House members Gideon van Meijeren, Pepijn van Houwelingen and Freek Jansen, among others. The private data of former members were also accessible to others. The station found the personal and contact details of Joost Eerdmans, Annabel Nanninga, Henk Otten, Wybren van Haga and Eva Vlaardingenbroek, among others, in the file.
The details of Willem Engel were also leaked. He was until recently the foreman of the now disbanded action group Virus Truth. Among other things, his phone number, home address and bank account number could be seen.
Frederik Zuiderveen Borgesius, professor of ICT & Law at Radboud University, is shocked by the leak. According to him, it has never happened before that such a massive data leak involving political affiliation has ended up on the street. "Your political affiliation is very sensitive and people can be discriminated against because of it. For example, at your work, in your street or by your family. This applies not only to Forum, but also to other political parties," he told RTL News.
Political preferences are considered special personal data in the General Data Protection Regulation (GDPR). Companies and organizations are not allowed to collect that kind of data. Political parties are an exception to this rule: they are allowed to record the political preferences of their members. Obviously, this information is not intended to end up in the public domain.
"We deeply regret that this leak could have occurred. The leak has since been plugged and measures have been taken to prevent recurrences in the future. As a precaution, we have temporarily taken sensitive system components off the air," a Forum for Democracy spokesperson told RTL News.
The group is considering hiring a second outside agency to review the IT systems. The party is also looking into taking action against those who abused the leak. The spokesman said the incident will be reported to the Autoriteit Persoonsgegevens.
