Mar 16, 2023 at 10:12 Update: 8 minutes ago
The data of approximately 48,000 people who bought an entrance ticket for the Amsterdamse Waterleidingduinen online between 2015 and 2021 has been stolen by hackers. The police came across the stolen data in an investigation into large-scale data theft.
Cybercriminals have broken into the ticketing system of the Amsterdam water company Waternet. In doing so, they captured the names and account numbers of visitors to the nature reserve.
Waternet has reported the theft to the Dutch Data Protection Authority. According to the water company, the website around the theft was not well enough protected. “We apologize for this,” the statement read.
Waternet speaks of a vulnerability on the website that was discovered and addressed in 2021. At the time, the company was not yet aware that data had been stolen.
According to Amsterdam alderman Melanie van der Horst (Water), the stolen data does not in itself pose a great risk. But it is possible that data from the same people has been stolen from other companies. “The combination of this data could pose a major risk.”
The victims have been informed as far as possible about the theft. Waternet advises them to pay close attention to suspicious messages, e-mails or telephone calls.
No connection with tighter supervision of cybersecurity
According to Van der Horst, this theft is not related to other security problems that occurred at Waternet around that time. In 2021, the company was placed under the supervision of the Human Environment and Transport Inspectorate (ILT) because cyber security was not in order. Since the beginning of this year, the water company is no longer under supervision.
On February 23, the police announced that they had arrested three men. They are suspected of having stolen tens of millions of personal data. They did this by hacking into computer systems of thousands of companies around the world.