Cyber Incident Victim: Blauw
Date:
Mar 2023
Location:
Netherlands
Summary
A widespread data breach stemming from unauthorized access to a software supplier utilized by market research firm Blauw compromised personal information from multiple clients, impacting over 1.5 million individuals. Heineken disclosed data exposure from a concert survey including email addresses and demographic details, while health insurer CZ reported leaked names and emails of group insurance customers and affiliated organizations. Additional significant impacts involved large-scale customer data theft from Dutch railway operator NS and telecom provider VodafoneZiggo, with investigations ongoing to determine the full extent of stolen records after the supplier confirmed data exfiltration and secured affected systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The data breach affecting Dutch market research firm Blauw originated from a compromise at one of its software suppliers, with unauthorized network access discovered on Friday, March 24, 2023. By Monday, March 27, the supplier confirmed data theft had occurred, prompting Blauw to secure access to affected systems while continuing to investigate the full scope of compromised information. The incident impacted 14 organizations that had conducted customer surveys through Blauw, most significantly Dutch national railway NS (780,000 affected participants) and telecom provider VodafoneZiggo (700,000 affected clients). Personal information from these surveys—though not fully specified in disclosure—was confirmed as stolen via the third-party supplier’s systems. Blauw’s corporate clients began issuing notifications once the scale became clearer, commencing with NS and VodafoneZiggo before additional affected organizations were identified.
Further investigation revealed health insurer CZ had 3,000 group insurance customers and associated organizations compromised, with stolen data including names and email addresses of both policyholders and employers offering CZ plans. Beverage company Heineken subsequently confirmed on March 30 that 22,000 participants in its Vrienden van Amstel Live concert survey—conducted via Blauw—had personal data exposed, including gender, age, education level, province of residence, and email addresses. The cumulative impact exceeded 1.5 million compromised records across all affected entities. Heineken and CZ notified victims directly on March 30, while both companies filed mandatory breach reports with the Dutch Data Protection Authority. Blauw maintained coordination with impacted clients throughout the investigative period but did not publicly identify the software supplier responsible for the network intrusion or specify whether additional compromised datasets might emerge. No further details regarding attacker methodology, data recovery efforts, or forensic conclusions were disclosed in the immediate aftermath.