NMBS data leak was breach of privacy
The Privacy Commission is investigating a leak of customer information from the rail authority NMBS that left the personal details of thousands of members of the public open online. Nearly 2,000 people have so far lodged a complaint against the leak, which was caused, the NMBS said, by a data worker “clicking on the wrong button”.
Commission chairman Willem Debeuckelaere said that the explanation given by the NMBS “sounds plausible. But we will be examining this version, as well as a report commissioned from a consultancy by the NMBS, more closely, to see if this version of events is correct.”
Whether by accident or not, the commission has stated that the NMBS is responsible for breach of privacy of the customers aff ected – an estimated 700,000 people – including names, addresses and email addresses. The data, which were open for consultation on an unsecured server, were later copied by someone and placed on another site.
The commission will now file a report with the federal prosecutor, who must decide whether to take legal action and against whom. One of the copies was used by the site www.sncb.fredericjacobs.com to allow members of the public to check if their own details were part of the package leaked onto the net. The NMBS said the site was not an official initiative and stressed that any dissemination of private information was illegal.
Meanwhile, the ministry of defence was investigating another data leak, this time of an internal directory of about 500 staff at the ministry, giving names, functions and contact details. The leak was revealed by a blogger, who said he had been able to download the 37-page document simply via Google.