Nebu Data Breach Hits Dutch MR Firms

Netherlands-based agencies Blauw and USP are among the customers of MR software supplier Nebu affected by a security breach which may involve data on around two million residents of the country, according to press reports.

Nebu, which is headquartered in Wormerveer, near Amsterdam, was acquired in summer 2021 by Canadian enterprise software solutions specialist Enghouse Systems. According to a statement on the Blauw web site the MR agency received written notice of unauthorized access to Nebu's network on 24th March and confirmation on 27th that 'data had indeed been stolen'. Blauw said information at risk includes 'data necessary in order to invite people to participate in research (names, email addresses, and phone numbers) and the answers given in the research'. The agency, which says it 'regrets the situation deeply' and will do everything it can to keep clients informed as to the progress of the investigation, has also informed the Dutch Data Protection Authority.

According to reports in www.nltimes.nl and other Dutch press outlets, data involved in the Nebu leak 'includes at least some sensitive financial information', including the names, genders, ages and phone numbers of pension holders with the PME Fund - however the paper said 'bank account numbers, home addresses, citizen identification numbers and email addresses have not leaked out', and payment information is not included. Also stolen, according to the report, were about 780,000 records relating to customers of national rail operator NS, 700,000 customers of VodafoneZiggo, more than 100,000 golfers linked to sports associations in the Nederlandse Golffederatie; and 27,000 linked to the RVO, part of the country's Ministry of Economic Affairs and Climate.

Enghouse Systems, which is listed on the Toronto Stock Exchange, appears not to have commented publicly on the data breach, and Blauw has filed in court demanding more information from Nebu, according to reports.

Research firm USP also said it had been affected by the breach, with data from between 100,000 and 150,000 Dutch residents possibly compromised and another 350,000 from other countries. USP said it believes between five and ten other large Dutch market agencies may have been hit in the same leak. USP for its part said it plans to continue working with Nebu for now, with USP Director Jan-Paul Strop commenting: 'There is no guarantee that this will not happen to another party. We have to be careful and realize that hacking is part of the order of the day. We have been using software from Nebu for 20 years and this is the first problem'.

All articles 2006-23 written and edited by Mel Crowther and/or Nick Thomas, 2024- by Nick Thomas, unless otherwise stated.