Skip to main content
Home

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
Belastingdienst tax blue envelope
Euros on the well-known "blue envelope" sent by the Belastingdienst, the Dutch tax office - Credit: Joeppoulssen / DepositPhotos - License: DepositPhotos
Business
Crime
Tax Authority
Data & Analytics Department
Eric Wiebes
Ministry of Finance
Data leak
Personal Data Authority
reorganization
Tweede Kamer
parliamentary debate
Thursday, 19 October 2017 - 16:30
Share this:
  • facebook
  • twitter
  • linkedin
  • whatsapp
  • reddit

Tax Authority data mismanagement: details of thousands of Dutch leaked

An important department of the Dutch Tax Authority did not properly handle personal data of citizens and companies, according to several investigations into security in the Data & Analytics Department. As a result, the personal data of tens of thousands of Dutch leaked in various ways, including being sent to third parties or taken home by employees. The investigations also found that tax employees searched for information about individual tax payers, RTL Nieuws reports.

Investigations were launched by the government's internal auditor, the Tax Authority itself and the Personal Data Authority following a report by Zembla saying that the data of 11 million taxpayers and 2 million companies were insufficiently secured in the period between 2013 and 2016. The Tax Authority initially denied this report, but at the insistence of the Tweede Kamer, responsible Finance State Secretary Eric Wiebes ordered an investigation.

The investigation carried out by the Tax Authority itself showed that data was indeed not well protected between January 2012 and February 2016. A second investigation into the period between February 2016 and February of this year showed that the personal data of tens of thousands of Dutch left "the safe environment of the Tax Authority", according to the broadcaster.

For example, in July 2016 the Tax Authority sent income tax data from 2011 of 50 thousand Dutch to an email address outside the Tax Authority. Which email address is not clear. In December of 2016, the Tax Authority sent an attachment containing details about the income, tax debts and bank deposits of 250 Dutch to "an email account of a company". A tax employee sent an attachment containing data about the sales tax of 11 thousand companies to another company. And data is stored on an external Amazon server.

A sample analysis of the Tax Authority's email program found 21 emails containing attachments or subjects with a worrying name. Exactly what was sent is unclear. Four emails were deleted by the sender him- or herself, and the other 17 were deleted because the sender no longer works at the Tax Authority. Another sample analysis revealed that employees searched for data on three individual citizens, including a well-known person that the Tax Authority describes as a VIP.

The investigation also revealed that it is impossible to verify whether outside IT workers dealt properly with the Tax Authority data they had access to while working on computers, or whether they leaked it. It cal also not be verified whether data on an external hard drive given to a company was made anonymous. And the investigators could not find out whether this data was well protected and eventually destroyed.

Previous warnings about the risks of data leaks were ignored. It was possible to send data directly from the Tax Authority's software by email. And employees were able to send data from their work computer by email, or copy it to usb.

In a letter Wiebes sent to the Tweede Kamer with the outcomes of these investigations, he wrote that data was taken from the tax offices because employees wanted to work at home. "That is against the rules and unacceptable", he wrote. But he emphasized that no evidence was found that the personal data was used for anything other than work. The Public Prosecutor, which also investigated the situation, agrees with that statement.

The Personal Data Authority's investigation is still ongoing. A spokesperson told RTL Z that they are "certainly interested" in the results of the other investigations. "We are going to study the reports."

Wiebes is debating the outcomes of these investigations, as well as the Tax Authority's struggling reorganization, with the Tweede Kamer on Wednesday next week.

Follow us:

Latest stories

  • Heineken, CZ also part of major Dutch data breach; Over 1.5 million affected
  • Seven civilians killed in Dutch airstrike on Mosul in 2016: Report
  • Jaap van Dissel leaving health institute RIVM for retirement
  • Woman shot dead at Amsterdam apartment building entrance; Suspect found dead
  • Private jet flights tripled, CO2 emissions quadrupled since before pandemic
  • Jumbo to stop sponsoring cycling, skating teams end next year

Top stories

  • Seven civilians killed in Dutch airstrike on Mosul in 2016: Report
  • Jumbo to stop sponsoring cycling, skating teams end next year
  • Amsterdam Noord also clashes with mayor over erotic center plans
  • Gender roles still massively influence career advice for secondary school students
  • Police officer won't be charged for triple fatal crash during chase
  • Data of 700,000 VodafoneZiggo customers exposed due to data breach

© 2012-2023, NL Times, All rights reserved.

Footer menu

  • Privacy
  • Contact
  • Partner content