Data of thousands of Dutch leaked through Covid test provider: Report

Coronavirus test provider U-Diagnostics' client database was not properly secured, Nieuwsuur reported after gaining access to the medical and personal data of tens of thousands of Netherlands residents, including holidaymakers, Ahold employees, soldiers, GP practices, and even a model and a professional footballer.

After a tip from an internal source at U-Diagnostics, Nieuwsuur was able to gain access to a WhatsApp group on which 300 employees can ask questions to the company's help desk. According to the program, the employees also shared data on this group. 

Nieuwsuur investigators saw the number of a top Dutch model shared, as well as that of a young professional football player. Names, dates of birth, bank account numbers, and information from banking apps were sent on the group. As were the login details and password of U-Diagnostics customer database.

The program logged into the database with the general email address and general password shared on the WhatsApp group and gained access to the data of tens of thousands of people who were tested for the coronavirus through the company. 

U-Diagnostics told Nieuwsuur in a response that the company adheres to all privacy legislation. The use of a WhatsApp group to exchange personal and medical data "is permitted because it only contains employees," director Maarten Cuppen said to the program.