SOMI Newsletter - April 21st, 2023

Newsletter SOMI - April 21st, 2023

This is the newsletter for April 2023 from the Foundation for Market Information Research to its relations, including the participants in its actions, its sympathizers, media professionals and app users.

Data Breach Joris Zorg

On Thursday, April 20, Joris Zorg Group reported a data breach. The Joris Zorg Group has 500 employees, 320 volunteers and 720 clients.

The data leak was caused by a data theft by the hacking group Bitlock. They threatened to make the stolen data public if they were not paid.

Joris Zorg has indicated that they do not want to negotiate with criminals. The data was then published by the hack group on the Dark Web.

SOMI is handling the case.

We have been able to recover part of the stolen files that have now been published on the Dark Web. We cannot discuss about this in detail, but it seems that the following data, among others, have been published:

- Reviews and private addresses of employees

- Correspondence between the care institution and relatives about the clients - Terminality statements from clients

- Treatment reports and records of medication

This covers a period from 2019 to now.

As far as we have been able to confirm, the Joris Group has taken a position that it will not negotiate. If this is the case, then in principle it has not taken into account the interests of victims whose data have now been published (with all the consequences that entails).

SOMI intends to submit a complaint about this to the Dutch Data Protection Authority on behalf of the victims. We believe it is important for the regulator to investigate this.

If you are an employee or a family member of a client of the Zorg Group, we urge you to contact us. You can do this by sending an e-mail to: info@somi.nl. Your response will be treated confidentially.

SOMI represents more than 75,000 Dutch people in protecting privacy and maintaining data autonomy. Sign up if you want to be informed about our progress on this matter.

Updates

Upcoming: TikTok oral hearing on June 28th, 2023

As TikTok has submitted the statement on admissibility of plaintiffs, applicable law and designation of exclusive representative on February 22nd, the date for the next oral hearing has been determined to be on Wednesday, June 28th at the District Court of Amsterdam. Click here for more information.

Potential largest data breach in the Netherlands

On 10 March 2023, a malicious actor broke into the systems of Nebu, a software supplier for market research. This breach concerns consumer data from a number of Dutch market research companies that use Nebu's software, and it appears to include the personal data from about two million Netherlands residents.

In total, 139 organizations has reported to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) that their customer data has been involved in this breach. The data breach seems to mostly consist of contact information such as name and email addresses, but also includes some income data, and in small number of cases it is possible that more sensitive personal information was included as well.

One of Nebu's client, Blauw, a qualitative market research firm, filed lawsuit against Nebu for inadequate information provision about this data breach. Blauw has some major clients including NS, VodafoneZiggo, CZ, Trevvel, and many more. According to Blauw, it takes 2 weeks for Nebu to report the data breach and, since then, Nebu is difficult to reach and hardly provides any information about the breach.

On April 6th, the court of Rotterdam ordered Nebu to provide information about the data breach to Blauw. Since Nebu has failed to indicate whether the data from (the clients of) Blauw has been stolen or not, the judge also ordered Nebu to conduct independent forensic investigation into the incident (source: privacy-web.nl).

This data breach increases the risk of phishing attacks and other scams. Malicious actors can use the stolen contact data to lure the victims into providing access to their accounts or worst, to make bank transaction. Therefore, it is very important for the victims to be notified about the breach in order for them to take action, such as changing their password, as soon as possible.

The fact that it takes Nebu over 2 weeks to report the breach left the victims exposed for too long. SOMI is currently investigating this case and we are determined to find out whether this breach has caused any damages to the people in the Netherlands. There might be a possibility for SOMI to initiate a claim on this incident.

In the news

Menno Weij on BNR over the verdict between Nebu and Blauw

Menno Weij, a member of the supervisory board of SOMI, appeared on BNR with Liesbeth Staats and Kees Dorresteijn on April 6th to discuss the Rotterdam court's verdict on the case between Blauw and Nebu data breach.

Click here to listen on BNR (in Dutch)

About SOMI

The Foundation for Market Information Research (SOMI) is a non-profit organization set up to identify and influence issues of social importance.

SOMI is a recognized claims foundation in the field of privacy and data autonomy and is committed, among other things, to the protection of the fundamental rights of consumers and minors who use various online services. With the app that SOMI has developed, we want to restore ownership and control over personal data to all the people: All your data. all yours.

SOMI investigates abuses, informs the public and helps injured parties. SOMI does this by conducting collective proceedings and claiming compensation.

SOMI is currently investigating alleged GDPR violations by Meta (Facebook) and TikTok.

SOMI Newsletter - April 21st, 2023

Data Breach Joris Zorg

Updates

Contact information

Social Media

Links