2021 will go down in the history books as one of the most turbulent years ever for cybersecurity and information security. One data breach was barely over when the next breach presented itself. Many companies were confronted with this in the past year.
In this article, we look at the 10 largest data breaches of 2021. We limit ourselves to cases where the personal data of Dutch people have been stolen. A data breach such as that at T-Mobile, in which data from more than 54 million American customers was stolen, is not included in our list.
#1 GGD – lively trade in personal data
The most notorious data breach of 2021 is without a doubt the leak at the GGD. It was discovered that thousands of employees had access to the personal and medical data of everyone who had been tested for corona, or who was part of a source and contact investigation.
Then you have to think of first and last names, residential addresses, contact details, citizen service numbers (BSN), medical conditions and medication use. This data was stored in two IT systems and sold to the highest bidder through channels such as Telegram, Snapchat and Wickr.
To make matters worse: the first reports that the registration system was not in order came in the summer of 2020. Employees confirmed that the GGD’s top management deliberately decided to ignore these warnings. André Rouvoet, chairman of the national umbrella organization GGD GHOR, openly apologized for the course of events.
The outgoing Minister of Health Hugo de Jonge also went through the dust in the House of Representatives. He admitted that he should have been more strict about the security of personal data. As icing on the cake, the Dutch Data Protection Authority concluded that the security of the data left something to be desired.
After the media wrote about the leak, the minister had additional security measures taken. The GGD largely switched off the print and export functionality, limited the search options in the computer systems, had more internal checks and external audits carried out to prevent abuse and had the VOG administration (Declaration