AD.nl, 3 May 2019: 'Some 117,000 leaked UWV CVs possibly in hands of criminals'
“Some 117,000 CVs were illegally downloaded at benefits agency UWV. This happened between 16 and 30 April from the work.nl website."
This reports minister Wouter Koolmees (Social Affairs and Employment). The detailed information may have fallen into criminal hands.
The curricula vitae were downloaded using an account of one employer. On 30 April, this was discovered and the account was blocked. The employer has stated that he knew nothing about the action. His account was presumably misused, he said.
The National Cyber Security Centre (NCSC) has been notified, as has the Personal Data Authority. A police report has also been filed. Data subjects have been notified by the UWV. They have been advised to be alert to possible spam and phishing messages.
A CV can be of great value to criminals because it contains a lot of detailed information. This can make someone a target of cybercrime. The UWV is investigating the possible consequences and considering whether further recovery or security measures are needed. Additional monitoring of the systems will be carried out.
Vincent Böhre of the Privacy First Foundation calls it "scandalous" that so many CVs have been illegally downloaded. ''After all, this is very personal information,'' Böhre said. ''This is a massive leak that suggests that the UWV does not have its security in order. If that is indeed the case, the Personal Data Authority could fine the UWV.''
Böhre says the personal data on CVs can be misused to commit identity fraud, especially if it includes passport photos and citizen service numbers."
Source: https://www.ad.nl/binnenland/circa-117-000-gelekte-cv-s-van-uwv-mogelijk-in-handen-criminelen~aec97d70/, 3 May 2019 (via ANP). Also published at a.o. Parole , Daily News of the North, BN/DeStem, Reformatory newspaper, AVROTROS Opgelicht and AG Connect.