Personal information of a large number of people who participated in the Netherlands’ coronavirus track-and-trace program has been leaked, the Dutch health authorities (GGD) said on Friday.
The GGD confirmed a media report that data had been stolen and apologised for what it said were two separate leaks. It said in a statement it did not know how many people were affected by the data theft, but they could number in the thousands.
Confirmation of the leaks follows violent protests over a government decision to impose a night-time curfew in addition to a months-long lockdown to try to control the pandemic.
Prime Minister Mark Rutte is also under fire because the Netherlands was the last among European Union countries to begin COVID-19 vaccinations.
The GGD said the data leaks were from its core track-and-trace system, and not related to a tracking smartphone app that had been closely scrutinised for potential privacy weaknesses.
In one instance, GGD employees targeted the personal information of a small number of prominent individuals. In the other, an entire data set was leaked and offered for sale online though it was not clear whether anyone bought the data.
“If people who mean ill intentionally take data out of a system, that’s almost impossible to stop,” the GGD said.
The GGD acknowledged people may now be reluctant to participate in its track-and-trace programme, but said it would do its best to restore public confidence.
“We are working closely with the police, justice and data and cybercrime specialists,” it said.
“People who have crossed the line will be fired, simply, and weak spots in our security will be identified and strengthened.”
Broadcaster RTL first reported news of the leak. The GGD confirmed the leaks included names, addresses, social security numbers, telephone numbers, and test results.
(Reporting by Toby Sterling, Editing by Timothy Heritage)