Call Data Breach Joris Zorg

On Thursday, April 20, Joris Zorg Group reported a data breach. The Joris Zorg Group has 500 employees, 320 volunteers and 720 clients. The data leak was caused by a data theft by the hacking group Bitlock. They threatened to make the stolen data public if they were not paid. Joris Zorg has indicated that they do not want to negotiate with criminals. The data was then published by the hack group on the Dark Web.

SOMI intends to submit a complaint about this to the Dutch Data Protection Authority on behalf of the victims. We believe it is important for the regulator to investigate this.

If you are an employee or a family member of a client of the Zorg Group, we urge you to contact us. You can do this by sending an e-mail to: info@somi.nl or filling in the contact form below. Your response will be treated confidentially.

News

Potential largest data breach in the Netherlands

On March 10th, 2023, a malicious actor broke into the systems of Nebu, a software supplier for market research. This breach concerns consumer data from a number of Dutch market research companies that use Nebu's software, and it appears to include the personal data from about two million Netherlands residents.

In total, 139 organizations has reported to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) that their customer data has been involved in this breach. The data breach seems to mostly consist of contact information such as name and email addresses, but also includes some income data, and in small number of cases it is possible that more sensitive personal information was included as well.

One of Nebu's client, Blauw, a qualitative market research firm, filed lawsuit against Nebu for inadequate information provision about this data breach. Blauw has some major clients including NS, VodafoneZiggo, CZ, Trevvel, and many more. According to Blauw, it takes 2 weeks for Nebu to report the data breach and, since then, Nebu is difficult to reach and hardly provides any information about the breach.

On April 6th, the court of Rotterdam ordered Nebu to provide information about the data breach to Blauw. Since Nebu has failed to indicate whether the data from (the clients of) Blauw has been stolen or not, the judge also ordered Nebu to conduct independent forensic investigation into the incident (source: privacy-web.nl).

This data breach increases the risk of phishing attacks and other scams. Malicious actors can use the stolen contact data to lure the victims into providing access to their accounts or worst, to make bank transaction. Therefore, it is very important for the victims to be notified about the breach in order for them to take action, such as changing their password, as soon as possible.

The fact that it takes Nebu over 2 weeks to report the breach left the victims exposed for too long. SOMI is currently investigating this case and we are determined to find out whether this breach has caused any damages to the people in the Netherlands. There might be a possibility for SOMI to initiate a claim on this incident.

Blog

Menno Weij on Value Creation Capital: Cyber Attacks and Principles

Does a day ever go by without cybercrime being in the news? Unfortunately not, it is the new reality that we are all going to have to deal with. Some recent examples in the Netherlands, which we have also seen in the media, are:

• Lawsuit between Market Research Bureau Blauw and its supplier Nebu following the hack at Nebu,

• Ransom attack at the KNVB,

• Ransom attack at Joris Zorg.

This article was written by Menno Weij, member of the Supervisory board of SOMI on Value Creation Capital blog