Major data leak affects Dutch Covid-19 testing system and app

By Ronan Fahy, Jill Toh, Naomi Appelman and Fabio Chiusi

 

In July 2021, the Dutch Ministry of Public Health, Welfare, and Sport was forced to discontinue its connection with a company involved in the issuing of Covid-19 test certificates and the government’s Covid-19 certification app (CoronaCheck), following a serious data leak.

An investigation by the Dutch news outlet RTL Nieuws discovered a major data leak at a test company (Testcoronanu), which had 10 locations in the Netherlands and three in Belgium, and that is affiliated with the Dutch government’s Covid-19 testing initiative (Testenvoorjereis.nl). 

The CoronaCheck app is used to "prove that you have been vaccinated, that you have been tested negative for corona or that you have recently had corona", and can be used "to access certain locations" and "to travel internationally", according to its official website.

RTL Nieuws however found that it is possible for anyone to get fake travel and admission certificates in the CoronaCheck app. The private data of more than 60,000 people who have taken a Covid-19 test at this company had also been leaked.

The leak has been reported to the Dutch Data Protection Authority.

The Ministry said that there was no proof that anyone other than an RTL journalist had gained access to the system. In a joint statement, the Ministers of Health and Infrastructure further claimed that "the serious vulnerability found only affects one of the test providers connected to CoronaCheck", Euronews reported. Measures "taken immediately" guarantee that "the safety and reliability of the CoronaCheck app were not compromised," the Ministers argued.

The Dutch track-and-trace programme caused controversy last January, when health authorities confirmed media reports arguing that personal data of a "large number" of its participants (in the thousands) had been stolen in two separate leaks, according to Reuters.

The national exposure notification app, CoronaMelder, had also been temporarily halted in April over data leak fears.

Tracing the Tracers

Overview, analyses & database
About the projectObjectives and methodologyTracing The Tracers 2021 report: Automating COVID responsesFinal project reportPress ReviewThe TTT project in the mediaNewsletter ArchivePast issues of the TTT newsletter

Topic

COVID apps, Covid tests, Data Leak, Privacy

Country

Netherlands

Type

News article

Hashtags

#coronacheck #digitalcontacttracing #rtl