Heineken, CZ also part of major Dutch data breach; Over 1.5 million affected

The data of up to 22,000 people who took part in a survey for the Vrienden van Amstel Live may have also been taken in a widespread data breach at a market research firm's software supplier, said a spokesperson for Heineken on Thursday. Another 3,000 people who took part in research for health insurer CZ may have also been affected. Combined with hundreds of thousands of people surveyed on behalf of NS and VodafoneZiggo, the total number of records potentially stolen has topped 1.5 million.

Heineken said that their study was carried out by market research company Blauw. The firm interviewed visitors who attended the Vrienden van Amstel Live. The annual concert series started in 1999 and is sponsored by beer brand Amstel, which is owned by Heineken. The beverage company has informed those who attended about the incident.

Personal data such as gender, age, education, province and e-mail address may have been leaked, the spokesperson said. "We deeply regret this," she stated. Heineken has reported the incident to the Dutch Data Protection Authority.

Meanwhile, the data of more than 3,000 customers and organizations affiliated with health insurer CZ were also affected in the same data theft, a spokesperson for CZ confirmed. All affected victims will be informed on Thursday.

CZ also collaborated with Blauw on satisfaction surveys. These are customers who are covered by group health insurance policies, including employees of certain companies which have favorable terms with the insurer. The details about the organizations that offer CZ's group insurance policies to their employees have also been leaked. This concerns data such as names and e-mail addresses, the spokesperson said.

Blauw previously reported that a total of 14 companies were affected by the data leak. Dutch national railway NS and telecom company VodafoneZiggo were the hardest hit thus far. The personal data of some 780,000 customers who took part in a survey for NS were affected, as well as 700,000 clients of VodafoneZiggo.

Blauw said it learned on Friday that an unauthorized person had access to the network of one of its software suppliers. On Monday, this supplier confirmed that data had actually been stolen. The company is still investigating exactly which data was stolen or viewed by unauthorized persons. Access to the personal data has now been secured.