BNP Paribas real estate branch suffers major data breach

This data has hit the streets

The FD wrote last April about real estate investments made privately by three directors who worked at PNB Paribas' Dutch real estate arm. The newspaper now says the leak is much larger than initially thought. The leak contains data from hundreds of companies and real estate investors, including supermarket chain Ahold Delhaize and private equity firm Lone Star.

According to the Financieel Dagblad, the leak contains details of leases, brokerage fees and non-disclosure agreements with clients. Furthermore, the editors had access to private data of PNB Paribas employees and their clients. This includes bank accounts, citizen service numbers (BSN), copies of passports, confidential correspondence with lawyers, profit sharing, sick notes, salary and bonus statements and year-end reviews.

BNP Parisbas notifies customers of data breach

An external spokesman tells the Financieel Dagblad that PNB Paribas has no idea what documents and personal data the newspaper had access to. He does not respond to substantive questions: according to him, the bank must adhere to "strict external and internal regulations around whistleblowers. However, the hired spokesman does say that this week BNP Paribas Real Estate Netherlands informed its clients about the incident.

The bank further confirmed that the data breach was under investigation and that BNP Paribas' Dutch real estate arm reported the leak to the Autoriteit Persoonsgegevens. It is unclear whether a police report has been filed.

Privacy expert Vincent Böhre of Privacy First says this is a "serious and large-scale" data breach. "Organizations like BNP Paribas need to know in detail what information they hold and where that information is located," he told the FD. He stressed that it is "a moral and social duty" for the French bank to investigate the incident.