Nearly 1.3 million patient records leaked from Dutch COVID-19 testing service

A data leak at the Dutch COVID-19 testing service Coronalab has exposed the personal data of over a million people. Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database containing nearly 1.3 million patient records.

Fowler told NL Times he discovered the leak, which includes passport numbers, internal documents, and coronavirus test certificates. In total, the data leak involved 1.3 million records, including more than 118,000 test certificates, over a half-million appointment records, and data regarding some 660,000 coronavirus test samples.

The exposed documents cover a period from 2020 until 2022. Leaked data included patients’ names, nationalities, dates of birth, passport numbers, COVID-19 test results, email addresses, and phone numbers. The sensitive data puts affected people at potential risk of a variety of cybercrime, ranging from phishing attempts to identity theft.

According to Cybernews, the leak mainly affected Dutch nationals, but there are also phone numbers from the United Kingdom, United States of America, Germany, and Italy in the data set.