Cyber Incident Victim: Gemeentelijke Gezondheidsdienst
Date:
Jan 2021
Location:
Netherlands
Summary
Two individuals were arrested for illegally selling COVID-19 patient data obtained from the Dutch health ministry’s systems on criminal platforms such as Telegram, Snapchat, and Wickr. The unauthorized data sale was discovered following an investigation by a journalist who identified online advertisements offering citizen information, prompting law enforcement action.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late January 2021, Dutch authorities arrested two individuals for illegally selling COVID-19 patient data originating from the Dutch health ministry's systems. The incident came to light after RTL Nieuws reporter Daniel Verlaan discovered advertisements for Dutch citizen data being marketed on encrypted messaging platforms including Telegram, Snapchat, and Wickr. These platforms served as the primary channels through which criminals offered the stolen health information to potential buyers on the underground market. Verlaan's investigative findings prompted immediate law enforcement involvement, with Dutch police initiating an operation that culminated in arrests on Friday, January 22. The targeted data specifically pertained to individuals involved in the national COVID-19 response systems, though the advertisement scope referenced broader Dutch citizen information. No technical details about the initial breach vector or infiltration methods were disclosed in available reports.
The arrests represented the primary documented response action, with authorities focusing on disrupting the active sale of sensitive health records. The compromised data's exposure created significant privacy risks for affected citizens, given the inclusion of COVID-19-related information during a global pandemic. While the advertisement platforms suggested criminal intent to monetize the stolen records, the exact transactional volume or number of records sold remained unquantified in public disclosures. The health ministry systems' compromise marked a serious breach of medical confidentiality during a national public health crisis. Law enforcement did not immediately confirm whether the arrested individuals were directly responsible for the initial data theft or acted as intermediaries in the illicit sales operation. The incident underscored vulnerabilities in pandemic-related data management while demonstrating rapid cross-sector collaboration between journalism and law enforcement to address active threats.