English Nederlands

SOMI Newsletter - May 16th, 2023

SOMI logo

Newsletter SOMI - May 16th, 2023

This is the newsletter for May 2023 from the Foundation for Market Information Research to its relations, including the participants in its actions, its sympathizers, media professionals and app users.

Call Data Breach Joris Zorg

On Thursday, April 20, Joris Zorg Group reported a data breach. The Joris Zorg Group has 500 employees, 320 volunteers and 720 clients. The data leak was caused by a data theft by the hacking group Bitlock. They threatened to make the stolen data public if they were not paid. Joris Zorg has indicated that they do not want to negotiate with criminals. The data was then published by the hack group on the Dark Web. 

SOMI intends to submit a complaint about this to the Dutch Data Protection Authority on behalf of the victims. We believe it is important for the regulator to investigate this. 

If you are an employee or a family member of a client of the Zorg Group, we urge you to contact us. You can do this by sending an e-mail to: info@somi.nl or filling in the contact form below. Your response will be treated confidentially. 

News

Potential largest data breach in the Netherlands

On March 10th, 2023, a malicious actor broke into the systems of Nebu, a software supplier for market research. This breach concerns consumer data from a number of Dutch market research companies that use Nebu's software, and it appears to include the personal data from about two million Netherlands residents.

In total, 139 organizations has reported to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) that their customer data has been involved in this breach. The data breach seems to mostly consist of contact information such as name and email addresses, but also includes some income data, and in small number of cases it is possible that more sensitive personal information was included as well. 

One of Nebu's client, Blauw, a qualitative market research firm, filed lawsuit against Nebu for inadequate information provision about this data breach. Blauw has some major clients including NS, VodafoneZiggo, CZ, Trevvel, and many more. According to Blauw, it takes 2 weeks for Nebu to report the data breach and, since then, Nebu is difficult to reach and hardly provides any information about the breach. 

On April 6th, the court of Rotterdam ordered Nebu to provide information about the data breach to Blauw. Since Nebu has failed to indicate whether the data from (the clients of) Blauw has been stolen or not, the judge also ordered Nebu to conduct independent forensic investigation into the incident (source: privacy-web.nl). 

This data breach increases the risk of phishing attacks and other scams. Malicious actors can use the stolen contact data to lure the victims into providing access to their accounts or worst, to make bank transaction. Therefore, it is very important for the victims to be notified about the breach in order for them to take action, such as changing their password, as soon as possible. 

The fact that it takes Nebu over 2 weeks to report the breach left the victims exposed for too long. SOMI is currently investigating this case and we are determined to find out whether this breach has caused any damages to the people in the Netherlands. There might be a possibility for SOMI to initiate a claim on this incident.

Blog

Menno Weij on Value Creation Capital: Cyber Attacks and Principles

Does a day ever go by without cybercrime being in the news? Unfortunately not, it is the new reality that we are all going to have to deal with. Some recent examples in the Netherlands, which we have also seen in the media, are: 
  • Lawsuit between Market Research Bureau Blauw and its supplier Nebu following the hack at Nebu, 
  • Ransom attack at the KNVB, 
  • Ransom attack at Joris Zorg. 

This article was written by Menno Weij, member of the Supervisory board of SOMI on Value Creation Capital blog 

About SOMI

The Foundation for Market Information Research (SOMI) is a non-profit organization set up to identify and influence issues of social importance. 


SOMI is a recognized claims foundation in the field of privacy and data autonomy and is committed, among other things, to the protection of the fundamental rights of consumers and minors who use various online services. With the app that SOMI has developed, we want to restore ownership and control over personal data to all the people: All your data. all yours. 


SOMI investigates abuses, informs the public and helps injured parties. SOMI does this by conducting collective proceedings and claiming compensation. 

SOMI is currently investigating alleged GDPR violations by Meta (Facebook) and TikTok.


Contact information

Visiting address: Mr. G. Groen van Prinstererlaan 88A,
1181 TR Amstelveen, The Netherlands
Postal address: Postbus 59692 1040 LD Amsterdam

Email: welcome@somi.nl

Tel: +31 85 208 85 01

KvK: 66169208

RSIN: 856425205

IBAN: NL 79 BUNQ 2066 6319 49

Social Media

See below where you can find us

Links
General Terms & Conditions SOMI App Terms & Conditions Privacy Statement Cookie Statement Responsible Disclosure Policy Crowdsourcing Participation Terms & Conditions SOMI Certificates Serie 2024

Copyright © 2024 Foundation for Market Information Research (SOMI).