Court orders software supplier to provide more information on massive data leak
Software supplier Nebu from Wormerveer must provide more information to one of its clients about a massive data leak at the company last month, the court in Rotterdam ruled in preliminary relief proceedings filed by market researcher Blauw from Rotterdam.
The reason for the lawsuit was a hack in Nebu’s computer systems last month. The personal data of possibly several million Netherlands residents leaked. Blauw wants more information about what exactly happened, how big the data leak was, and what the consequences are.
According to Blauw, the information that Nebu has provided so far is entirely insufficient. The court shares that view. “In the agreement between both parties, Nebu is obliged to inform Blauw about incidents related to the processing of personal data and to follow Blauw’s instructions in such a case. In the opinion of the preliminary relief judge, Blauw’s right of instruction and Nebu’s obligation to comply must be interpreted broadly.”
Nebu must further “provide extensive information about the data breach and answer questions.” In addition, Nebu must have an independent forensic investigation carried out into the data breach.
Cybercriminals broke into Nebu’s systems on March 10. The company discovered the breach over a day later. In the meantime, the hackers had stolen information from the market researchers that use Nebu’s software. The Dutch Data Protection Authority (AP) announced that the data breach might affect 139 organizations in the Netherlands.
Nebu makes the software that market researchers use to gauge what their customers think of companies. Blauw does this for NS, Vodafone, Ziggo, CZ, Vrienden van Amstel Live, ArboNed, and Trevvel, among others.