Oh, sweet irony: the Dutch Data Protection Authority – where registered companies are required to report breaches in data – has accidentally leaked the names of some of its employees in over 800 public documents, local outlet NU.nl reports.
The discovery comes from Dutch cybersecurity firm NFIR. Pauline Gras from the Dutch Data Protection Authority has since responded to the report, telling NU.nl that it is not their policy to reveal employee names.
Indeed, this is why the agency never discloses the authors of research, legal advice and reports conducted by its team.
Unfortunately though, the Data Protection Authority failed to properly remove this information from the files’ metadata. “That information was publicly accessible and therefore available to everyone,” added NFIR representative Mischa van Geleen.
Employee names appeared in nearly 800 separate documents published by the Dutch Data Protection Authority.
Gras claims the agency has since taken necessary measures to pull the revealing metadata from its files. “We have fixed all affected PDFs.” The spokesperson further added that all personnel has been informed of the leak.
“When it comes to data leaks, the same procedures apply to all parties, including us,” Gras added. Still, Gras insisted that the blunder in question was relatively mild and did not require any formal notification.
“A data breach must be reported if it leads to serious adverse consequences for the protection of personal data, or if there is a significant chance that this will happen,” she stated.
So it appears that the leak was too insignificant to necessitate reporting it to themselves.
Early bird tickets for #TNW2018 are almost gone! 🚨 Grab yours here before prices go up. Hurry up though – the offer expires at 18:00 (CET) on March 16!