Police officers' personal data also included in leak affecting all police employees
The breach of an information system that led to the theft of the work-related contact details of all police employees in the Netherlands also included the private data of some police officers. Representatives of the police confirmed to both NOS and ANP on Monday that the data leak involved the personal phone numbers os some employees. It is not known who stole the set of data, and their motive is unclear.
The set of data originated from the database of information used to generate electronic business cards which are displayed when police employees send email using Microsoft Outlook. In most cases, it included at least the name and email address of nearly all employees, and in most cases, it also includes their department, job function, and direct phone number. Some individuals also included were able to add other information, such as personal phone numbers.
The data was accessed after the offenders managed to hack one police worker's account. Both the Cabinet and the police insisted that the stolen dataset did not include personal information when it was first announced on Friday. “Apart from the names of police officers, this does not involve private data or investigative data,” Justice and Security Minister David van Weel wrote in a letter to Parliament.
Police were unable to confirm how many individuals had personal contact details stolen in the hack. It was already clear that the information likely included the full names of all 65,000 individuals working for the police, as well as their position. It was believed the hack was not limited to just police officers, but also those working in other positions, like janitors and front desk employees.
The information contained in the business cards used in Outlook email signatures is customizable depending on permissions given to different users. "In the past, you could edit this data yourself," a spokesperson told NOS. "It is also possible that it was not stored correctly in one of the systems we use."
Over the weekend, police set up a team to serve as a point of contact for police workers affected by the cybercrime. From their conversations, it emerged that some police officers had private information in the electronic business cards.
"Specialists within the police are investigating the impact of the incident," police said in a statement last week. "The police are constantly alert to possible cyber attacks. Systems are therefore continuously monitored, so that these types of incidents can be dealt with quickly and adequately."
Police employees were warned that they should be especially alert when receiving suspicious emails, direct messages and phone calls.