There is a significant update to a breach at Nebu software that may have impacted millions of Dutch people. As reported previously, Blauw took Nebu to court, seeking an injunction to require Nebu to provide more information on the breach. The hearing was yesterday, and the court issued an order. NU.nl reports (machine translation):
… Almost a month later, Nebu is still not sure whether data from market researchers Blauw and USP. has also been stolen.
That is important information. Because if data from Blauw and USP are leaked, it concerns the data of millions of Dutch people. The market researchers conduct customer satisfaction surveys on behalf of large companies such as VodafoneZiggo and the Dutch Railways. They use Nebu’s software for this.
[…]
Nebu must give full disclosure. If the company does not do so, it must pay a penalty of 25,000 euros per day, with a maximum of half a million euros.
Blauw and USP are not the only market researchers affected by the data breach. Nebu also supplies its software to other research agencies. The Dutch Data Protection Authority (AP) had already received 139 reports on Wednesday from organizations affected by the data breach at Nebu.
Read more at NU.nl.
Great thanks to Frederik Borgesius for keeping DataBreaches aware of updates to this story.