Headlines March
Major data breach in the reservation system for zoos and amusement parks
Personal data of supposedly hundreds of thousands of people has fallen into the wrong hands due to a leak at the Ticketcounter company. These are names, emails, dates of birth, addresses and bank account numbers. Ticketcounter arranges reservations and payments on behalf of zoos, amusement parks, museums and events.
Ticketcounter was recently told by security experts that user data was being offered on the dark web, a part of the web that is not easily accessible. The company then discovered that a major data breach was caused by "human error". Data that was confidential has been stored in the wrong place, says director Sjoerd Bakker. According to him, it concerns 1.5 million to 1.8 million different email addresses from the period from mid-2017 to 4 August last year.
Bakker speaks of a nightmare. He has also been extorted since Friday with requests to transfer money. "If I don't do that, they threaten to spread the data of customers further. They wanted seven bitcoins. I have called in the police and the cyber team of the Rotterdam police is investigating. I have not paid and that is not going to happen."
Phishing Alert
Ticketcounter's customers have now informed people of the leak by e-mail and advised them to be alert to phishing, in which criminals pose as, for example, bank employees.
Ticketcounter immediately deleted the data file when it heard that the data was offered for sale. In hindsight, this was not the correct response, according to Bakker. "We could have secured the data better, then we would have been able to see what exactly was leaked. The day after the leak, we received the file through ethical hackers and we were able to determine the extent of the leak."
"It's the worst nightmare that can happen to you," says Bakker. "Our business is trust, we do everything we can. We put a lot of money, energy and time into it, but those statements are worth little if such a mistake is made." The Rotterdam police confirms that a report has been made, but does not want to say anything more about it. The company also says it has reported to the Dutch Data Protection Authority. The regulator says that it will only be able to make statements once an investigation has been carried out and that it will not discuss individual cases.
Source: https://nos.nl/artikel/2370818-groot-datalek-bij-reserveringssysteem-dierentuinen-en-pretparken.html
Hazardous substance released at electronics manufacturer Thales in Hengelo
An unknown dangerous substance was released this morning at electronics manufacturer Thales in Hengelo. The company had to be evacuated and the fire brigade called on local residents via NL-Alerts to keep windows and doors closed. At around 7 a.m., the company's employees, several dozen, had to go outside. Thales called on the rest of the staff not to come in. At around 9.30 a.m., the fire brigade reported that no more of the substance was being released and that the danger to the surrounding area had passed. The company is located on an industrial estate.
Source: https://nos.nl/artikel/2371038-gevaarlijke-stof-vrijgekomen-bij-bedrijf-in-hengelo-situatie-onder-controle.html
Complete mailboxes deleted at the municipality of Almere
At the municipality of Almere, entire mailboxes of aldermen and managers have been deleted, so that important information can no longer be retrieved. This concerns, for example, commitments and agreements made by aldermen. This became known because Omroep Flevoland submitted a request for public access to information (WOB request). Destroying mailboxes makes it impossible to scrutinise the municipality afterwards. In principle, civil servants should check for every email they receive whether they should keep it for a short or longer period of time. Important messages about administrative matters or, for example, contracts must be kept for 10 years. The reason for this is that a citizen or, for example, a journalist must be able to see afterwards how a certain policy was established.
It is unclear why the emails have been deleted. Deleting the e-mail of a departing employee, for example, is not allowed. A reason such as "the disks are getting full" is not a valid argument either. There was also no longer a backup of the mail. It has been known for a year that archiving at the municipality is a mess. The province, as supervisor, then called Almere to account. An improvement plan has been drawn up that costs 1.3 million euros. The province is keeping its finger on the pulse. The municipality of Almere does not want to answer questions from Omroep Flevoland about whether more mailboxes have been destroyed and how the improvement plan is going.
The deletion of the mailboxes came to light when Omroep Flevoland made a WOB request about the problems within the municipality during the transition from Windows 7 to a newer version of the operating system. In 2015, developer Microsoft gave users five years to switch. After those five years, the updates stopped, with all the associated security risks. From that moment on, hackers might have been able to break into the municipality digitally more easily. Still, at the beginning of 2020, 150 computers in the town hall were running on the outdated system. And that is remarkable, because in 2015 another damning report was published about the computer policy of the municipality. At that time it was already clear that Almere had also reacted too slowly to an earlier new operating system.
Source: https://nos.nl/regio/flevoland/artikel/106993-complete-mailboxen-gewist-bij-gemeente-almere
Regulator starts investigation into sharing customer data from T-Mobile with Statistics Netherlands
The Central Bureau of Statistics (CBS) had access to traffic data from T-Mobile customers for years, according to research by NRC. The Telecom Agency has started an investigation to determine whether the law has been violated.
According to NRC, T-Mobile customers were not informed about the sharing of traffic data with Statistics Netherlands. This data may include information about the location of people and when they interacted with whom.
Statistics Netherlands was given access to the data to be able to develop an algorithm with which it could measure the mobility and residential behavior of Dutch people on the basis of location data from a mobile provider. The collaboration between Statistics Netherlands and T-Mobile lasted until April last year. The Telecom Agency (AT) and the Dutch Data Protection Authority (AP) were not informed if Statistics Netherlands employees actually had access to traffic data of T-Mobile customers. An investigation must reveal whether the Telecommunications Act and the Privacy Act have been violated.
Regulators take case 'very seriously'
Telecom data is hypersensitive, the regulators emphasize. "With full access to telecom data you can follow someone all day long," they said in a statement. "You can see where someone lives, where they work, where they shop, how often they go to the hospital, what their favorite bar is, how often they visit their parents, sister or friends, and where they live. this matter very seriously and must be the bottom stone above." In a response to NU.nl, T-Mobile said that it cooperated with a CBS test, but says it is "clearly incorrect that CBS had access to individual personal data and gained insight into who would have been in contact with whom, in whatever form". CBS employees also only had access to the specific dataset for the pilot via a laptop encrypted by T-Mobile. "The set of aggregated and pseudonymized data has thus never left T-Mobile's digital and secure IT infrastructure."
Source: https://www.nu.nl/tech/6121166/toezichthouder-start-onderzoek-naar-delen-van-klantdata-van-t-mobile-met-cbs.html
Password 'Welcome2020'; system administrator Hof van Twente made it very easy for hackers
"Hello, need data back? Contact us fast." The system administrator of the Hof van Twente municipality received this message on December 1, 2020. A ransom message also appeared on multiple systems and was printed on multiple printers. This is evident from the investigation report into the hack at the Hof van Twente municipality. Mayor Nauta estimates that the damage will run into millions of euros.
Due to the hack, the services of the municipality have been down since the beginning of December. The investigation also shows that the hackers were not given a hard time. They had free rein within the computer networks of the Hof van Twente municipality. There was a lack of so-called segmentation, according to the research conducted by cybersecurity company NFIR.
Everyone connects
The report comes down hard on the system administrator. In October 2020, the password of the administrator account was changed to 'Welcome2020', an easy-to-guess password. A year earlier, a rule in the firewall was changed. From that moment on, anyone on the Internet was allowed to connect to the municipality's FTP server for file exchange. A vulnerable version of the Remote Desktop Protocol was running on that server. From that moment on, between 50,000 and 100,000 break-in attempts were made by hackers every day. The first successful attempt by the hacker or hackers was on November 9, 2020. After that, ninety virtual servers were deleted and all backups destroyed.
Trust
The municipality of Hof van Twente does not escape criticism in the investigation either. For example, the municipality is accused of not being alert enough. Reliance was placed on the expertise of the system administrator, without sufficiently verifying when the company was last externally vetted. Last year the municipality had tested whether hackers could easily enter. But one IP address was not included in that test, and it was precisely that address that the hackers used to penetrate the Hof van Twente systems. An international data recovery company was able to retrieve deleted files from the Civil Affairs, Social Domain and financial administration departments. It is being investigated whether all data can be used safely again. In mid-January, the municipality was able to restore a large part of the services. Hof van Twente is building a new ICT network together with the municipality of Enschede.
Source: https://www.rtvoost.nl/nieuws/1520744/Wachtwoord-Welkom2020-systeembeheerder-Hof-van-Twente-maakte-het-hackers-doodeenvoudig
Translated from Dutch to English with Google translate