NEWS3 April 2023

Data breach reported by Dutch research firm

Europe GDPR News Privacy

NETHERLANDS – Fourteen clients of Dutch market research firm Blauw have been affected by a data breach at software supplier Nebu B.V, part of IT firm Enghouse Interactive.

Data security abstract image

In a statement released last week, Blauw said that third parties may have gained access to data the company collects and processes for clients and for its own satisfaction surveys.

This includes data necessary to invite people to participate in the research, such as names, email addresses and phone numbers, and any answers provided to survey questions.

Blauw has reported the breach to the Dutch Data Protection Authority and has informed its own clients about the incident.

It is reported that VodafoneZiggo, the Dutch branch of communications firm Vodafone, had been one of the firms affected by the data breach at Nebu.

In its statement, Blauw said it had received written notice of unauthorised access to Nebu’s network on 24th March, with confirmation on 27th March that data had been accessed.

“We regret this deeply and have informed our clients about the breach. We do not yet know exactly what has been stolen,” the statement from Blauw said.

“At the moment, the investigation is ongoing to determine which data may have been viewed or stolen by unauthorised parties.

“We will do everything we can in the coming period to keep our clients informed as well as possible. We find it extremely regrettable that this situation has arisen, both for our clients and for their customers who have participated in the research.”

Wim van Slooten, director at the Data & Insights Network, said the organisation had been “inundated with messages from large and smaller clients that they had to inform them, to their great regret, that data from their customers has been exposed due to a data breach at the IT supplier”.

He added that a number of Nebu platform users had been affected, but that it was not currently known whether data had been downloaded in the hour that the data breach occurred.

“The good news is that the data breach is probably limited in terms of size, the annoying news is that we do not know which limited part was affected by the data breach,” van Slooten added. 

Research Live has approached Nebu for comment.