On April 29, 2013, the Belgian Privacy Commission announced that it referred a data breach case involving The National Belgian Railway Company to the Brussels Public Prosecutor. The data breach, which occurred in December 2012, resulted in the 1.46 million sets of customer data being made publicly available online. The Privacy Commission investigated the case and concluded that there had been a violation of the Belgian Data Protection Act, but since the Privacy Commission does not have the authority to impose sanctions for the violation, it referred the case to the prosecutor’s office to initiate criminal proceedings. The Privacy Commission commented that this is the first time that it has referred a data breach case to the Public Prosecutor.
Read more on Hunton & Williams Privacy and Information Security Law Blog.
I don’t remember ever seeing any reference to this breach before, but so far, my Google skills have failed me in finding media coverage. If anyone has a link to articles that provide more details about the breach, please use the Comments section below to point me to them.