Police in the Netherlands have arrested two individuals suspected of offering for sale data fr om the Dutch health ministry's COVID-19 systems on the criminal underground.
The arrests were made following a report from RTL Nieuws that first spotted ads for Dutch citizen data online, advertised on instant messaging services like Telegram, Snapchat, and Wickr.
According to RTL Nieuws’ Daniel Verlaan, the offered data included info from two COVID-19 systems used by the Dutch Municipal Health Service (GGD): CoronIT, which contains the private data of Dutch citizens who underwent a coronavirus test, and HPzone Light, one of the ministry’s contact-tracing systems.
The data had been sold online for months for prices ranging from €30 to €50 per person, Verlaan said. The offered info included millions of patient details, such as home addresses, emails, telephone numbers, dates of birth, and a person's BSN identifier (Dutch social security number).
In a press release the Dutch police said an investigation into the matter led them to two employees of the GGD’s call center. Both suspects were arrested within 24 hours of the complaint.
“On Friday, January 22, the police and the Public Prosecution Service received reports from the GGD that personal data from GGD systems would be offered for sale on Telegram. The cybercrime team of the Central Netherlands police immediately started an investigation. This investigation soon led to two employees of the GGD call center. The police immediately tracked them down. The suspects were both in Amsterdam on Saturday evening, wh ere they were arrested and taken to a cell. It concerns a 21-year-old man from Heiloo and a 23-year-old man from Alblasserdam. The men’s homes were searched; computers have been seized,” the police said. “More arrests are certainly not ruled out. The investigation continues, including into the extent of the data theft.”