This is the conclusion of Nieuwsuur after its own research.
This includes dates of birth, passport numbers, social security numbers, e-mail addresses, travel destinations and test results, the medium reports. Such data can be misused by malicious parties for identity fraud.
The leak originated at testing company U-Diagnostics. This tests include holidaymakers at TUI and Corendon, staff at companies and players from football clubs. A poorly secured database was easy to see by outsiders.
In addition, data was freely shared in an internal WhatsApp group to which employees of the organization had access. Photos of IDs were shared there. As a result, not only the most necessary persons saw that privacy-sensitive information, but all 300 participants in the group.
The log-in details of employees were exchanged in the group, whereby everyone could read each other’s passwords. The group was accessible to Nieuwsuur, which suggests that other outsiders could also enter.
According to U-Diagnostics, private data has been handled correctly and better security is being looked at. The Ministry of Defense, which used the company for tests of military personnel, immediately discontinued the cooperation and reported a possible privacy leak to the Dutch Data Protection Authority.