Not all victims of the GGD data theft were informed

There are many more people whose data was leaked from the GGD in January than the 1,250 people the GGD reported, according to RTL Nieuws. Not all people whose data was stolen and possibly sold on the internet have been notified about what happened to their private information, the news outlet stated.

An export function allowed GGD employees to download lists of people who got tested for the coronavirus. At least two GGD call center employees were arrested for forwarding the sensitive information via messaging apps such as Telegram and Wickr. The information includes the full name, address, date of birth, telephone number and BSN of the victims.

Criminals sold the data online, showing lists of private information from around 600 people as a prelude of how much information they were actually in possession of. Some criminals claimed to have access to the data of up to ten thousand people. Criminals can use the data to buy subscriptions online or they can demand ransom in return for the data.

The GGD claimed that around 1,250 people in the Netherlands were affected by the data leak. Yet, according to RTL Nieuws, there are many people who have not been made aware that their information was publicized on the internet. The news outlet called ten people at random whose data had been leaked. None of them said they had been contacted by the GGD.

The GGD said there has been “no indication” that anyone affected in the data leak was not notified. “We can’t inform people whose data we do not have”, a GGD spokesperson told RTL Nieuws.

“This is really terrible”, one victim said. “Why have I not been informed by the GGD and why can’t they see that my information has been stolen?”

Seven people have been arrested in connection with the data theft. Two of the suspects, a 21-year-old and a 23-year-old man from Heiloo and Alblasserdam will be brought in front of a judge at the end of August. The investigation into the data theft has still not been concluded, according to the GGD.