Two Dutch Public Health Workers Arrested for Selling Coronavirus Patient Information

Dutch police have arrested two Public Health Department (GGD) workers for allegedly stealing information on COVID-19 patients and offering to sell it online to various cybercriminals.
The arrests resulted from a police investigation after RTL Nieuws, a local media outlet, discovered personal information from two GGD systems, storing coronavirus patient information, was being sold on instant messaging apps such as Telegram.
Police said the GGD reported personal data theft from its systems on January 22.
“The cybercrime team of the Central Netherlands police immediately started an investigation,” the police report reads. “This investigation soon led to two employees of the GGD call center. The suspects were both in Amsterdam on Saturday evening, where they were arrested and taken to a cell. It concerns a 21-year-old man from Heiloo and a 23-year-old man from Alblasserdam. The men’s homes were searched; computers have been seized.”
The investigation is ongoing, and authorities have not ruled out additional arrests. The initial police report states that names, date of birth, and address were among personal information put up for sale by the two suspects.
However, the RTL Nieuws investigation revealed that the private data had been offered for sale in large chat groups, including Snapchat and Wickr for months. Some posts provide look-up services for specific individuals that range between 30 and 50 euros.
“You will receive the home and email address and telephone and social security number from someone,” RTL Nieuws explained. “Other accounts offer large datasets containing the private data of tens of thousands of Dutch people. Criminals charge thousands of euros for this because it is relatively unique that social security numbers are sold on such a large scale.”
The data theft and illegal trade of information has obliged the GGD to enforce additional security measures, requiring each employee to sign a confidentiality agreement and submit a Certificate of Good Conduct. The public health service also ensured that remote workers will be thoroughly monitored once system upgrades are made.
The security incident could also have serious legal and financial consequences for the GGD. “This is very bad and may be a serious data breach,” the Dutch Data Protection Authority said. “The AP immediately demanded clarification from the GGD. This data includes name, address, place of residence and telephone numbers and also BSNs: all current and in large quantities. That is very valuable.”
Stop guessing what the internet knows about you. Find out with Bitdefender”s Digital Identity Protection!
tags
Author
Right now
Top posts
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
June 22, 2022
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022