Data leak at Dutch land registry resulted in secret addresses becoming visible

People were sometimes able to view the confidential addresses of other individuals via the Kadaster land registry system. The data was not fully protected between August 2020 and April 2024. Kadaster said on Wednesday that the problem has since been fixed, the people involved have been notified, and a report has been made to the Dutch Data Protection Authority, which is the national privacy regulator.

The data made it possible to view the data of 3,948 people in specific situations. The mistake was partly due to the MijnOverheid government data and messaging service. People who are "jointly entitled" to an asset, for example, because they own a home together, were able to see the other owner's residential address.

Kadaster said this is not a problem in most cases, as homeowners typically live together. "But in some cases, there is a special reason why rights holders do not know each other's address. In that case, these events can have consequences," Kadaster added.

On October 15, Kadaster was notified that somebody's confidential address was visible. The matter was addressed at the time. A spokesperson said, "There was no immediate reason to stop the services in MijnOverheid."

However, after the incident, they checked whether other secret addresses were able to be accessed. This was investigated in cooperation with Logius, the government service behind DigiD and MijnOverheid.

In April of this year, it turned out that other addresses could also be seen. This was the moment Kadaster decided "not to make the information available anymore."

Outgoing minister Hugo de Jonge (Interior Affairs), who is responsible for Kadaster, wrote a letter to the lower house of Dutch parliament, the Tweede Kamer, saying that individuals protected by the government's Surveillance and Security System were not affected by the incident.