A BNR investigation shows that various organizations, including the well-known travel organization Sunweb, wellness chain Thermen Resorts and the casting agency B&F Casting, are dealing with serious security breaches.
The digital security of Dutch companies is once again under discussion after the revelation that the digital back door is wide open at at least fifty Dutch companies and organizations. So, as a customer of one of those companies, don't be surprised that you can expect an email with an apology soon. A research by BNR has revealed that private data of thousands of Dutch people is up for grabs due to insufficiently secured cloud environments. This varies from CVs and application letters to customer data and contracts. Experts warn that this problem is just the tip of the iceberg and that the actual number of unsafe servers and data breaches is significantly higher.
The research shows that various organizations, including the well-known travel organization Sunweb, wellness chain Thermen Resorts and the casting agency B&F Casting, are dealing with serious security breaches. At Sunweb, for example, more than two thousand CVs and application letters were found For everyone accessible goods. This was caused by these documents being inadvertently posted online when the recruitment software was moved to the cloud. Thermen Resorts and B&F Casting are experiencing similar problems, with internal documents such as scripts, briefings and contracts being publicly accessible.
A Sunweb spokesperson responded to the discovery of the data breach by stating: "The CVs and application letters were immediately deleted. According to a spokesperson, the files accidentally ended up online about three years ago when recruitment software was moved to the cloud."
The problem of insufficiently secured cloud environments is further exacerbated by a lack of awareness and knowledge among the companies themselves. Many organizations assume that the security of the cloud environment is the responsibility of the cloud provider. However, like Jeremy van Doorn from the cybersecurity company Palo Alto emphasizes, this responsibility lies with the owners of the data. This sentiment is shared by Roos Dijkxhoorn, founder of Purasec, which argues that companies still need to learn how to work securely with the cloud.
"Many customers think that the cloud server provider is responsible for security and therefore forget to set things up properly."
The revelations have led to swift actions from the companies involved. After being informed by BNR, Sunweb immediately initiated a crisis management plan and removed the relevant documents. Thermen Resorts and B&F Casting have also taken measures to improve the security of their data.
Eward Driehuis, chairman of the cybersecurity community CSIRT Global, warns that the discovered leaks represent only a fraction of the actual number of unsecured servers. According to him, the problem could be "perhaps a thousand times bigger", which underlines the urgency of the problem.
"Companies often still have to learn to work with the cloud."
This incident sheds light on a growing problem in the digital world: the security of data in the cloud. As companies increasingly turn to cloud solutions for their data storage and processing, incidents like this show that there is still much to learn and improve in the field of digital security. It's a wake-up call for all organizations to take their data and the way they use the cloud seriously and invest in robust security measures.
Security
Responsible handling of personal data depends on good security of this data. If security is not properly arranged, this can, for example, lead to a datalek. Responsible handling of personal data depends on good security of this data. It is not without reason that this is one of the 1 basic principles of the General Data Protection Regulation (GDPR). The Dutch Data Protection Authority (AP) monitors how organizations secure their processing of personal data. If an organization has not properly arranged security, the AP can intervene.
