Headlines August
Government services systems down due to outage at Ministry of Defense
Due to a malfunction in the IT system of the Ministry of Defence, various government services have been affected. The malfunction caused problems at, among others, emergency services, the Coast Guard, the Royal Military Police, DigiD, a number of municipal services and the GGD. The problems have now been resolved at some of the services.
Due to the outage, no air traffic was possible to and from Eindhoven Airport all day. The airport now reports that the processes for resuming air traffic are being restarted. In practice, this means that the airport will see which aircraft can depart first and which passengers are allowed through security checks. Eindhoven Airport is the civilian part of the Eindhoven military air base and therefore falls under the management of Defence.
Emergency services experienced problems with their communication and alarm system as a result of the outage, making it more difficult for them to communicate with each other. The Utrecht Safety Region reports that all systems within their region are now working as usual. Other safety regions have not yet reported that their systems are working again.
Since 10:30 pm
It appears that the outage started last night around 22:30. The cause is still unclear. It is also unclear whether it is a deliberate attack or a technical problem, whether or not caused by human error. The Ministry of the Interior says that the extent and impact are still being mapped out. The cabinet is not yet making any statements about the circumstances. When asked what the cause was, Prime Minister Schoof replied: "No idea". Minister of Defence Brekelmans also does not want to speculate about the cause until it has been "determined with one hundred percent certainty". Brekelmans also does not want to say whether it has been ruled out that it was a cyber attack.
National Cyber Security Center flattened
The National Cyber Security Center (NCSC) wrote earlier today on X that several users of the data center and their IT services were affected. As a result, it was not possible for the government organization to send out security advice, which is done, for example, when a vulnerability is found in software. The NCSC now writes that the security advice is again available to everyone.
Security advice is also available to everyone via our website https://t.co/cDlEZlFbke
Independent tech expert Bert Hubert calls it "remarkable" that the outage has lasted so long. "It was already clear last night that this was a major problem." He suspects that it is a problem with the software. "Cables break all the time, but then we always hear quickly about plans to fix them. We hear nothing about that now." We are far too dependent on a network that we cannot repair within twelve hours, he believes. "I just read that the National Cyber Security Center is unable to send security messages. Their entire office is down, because they have no alternatives. It is as if the fire department says that they cannot come and put out a fire because the barracks are on fire."
P2000 and C2000
According to a spokesperson for the Utrecht safety region, the outage caused problems with the P2000 alarm system and the C2000 communication system. Officers on the street are connected to each other and to the control room via C2000. Other emergency services that use the network, including the coast guard, BOAs and the Royal Marechaussee, are also affected by the outage. With P2000, control rooms can call emergency services. The fire brigade, police and ambulance are among those connected to the reporting system. In the Utrecht Safety Region, all systems are working again. According to a spokesperson, there were no problems during the outage. The emergency services communicated temporarily by phone or SMS.
DigiD also affected
DigiD is also experiencing a malfunction. It is not clear whether it has the same cause. People can still use the service, but it is not possible to receive an SMS code to log in with. It is also currently not possible to apply for a DigiD account. Minister of Justice Van Weel responds that in the digital age, it will happen more often that crucial systems fail due to malfunctions. He believes that citizens and institutions should become more resilient to malfunctions like this. Better cybersecurity, such as making regular backups, can prevent situations like this, according to the minister.
Inspection: companies do not protect staff properly against hazardous substances
Companies must pay more attention to protecting personnel who work with hazardous substances. This is the conclusion drawn by the Labour Inspectorate in a new report. In the report , which was published two weeks ago, the inspectorate states, among other things, that employers do not take enough general, preventive measures.
Over the past four years, the Labour Inspectorate has carried out (re)inspections at hundreds of companies from dozens of sectors. These inspections looked at how the companies deal with, for example, cleaning tankers, diesel engine emissions, the production of glue and the release of welding fumes and wood dust. These are substances that can cause cancer, damage genes or are harmful to reproduction.
Insufficient knowledge
The percentage of companies where the inspection intervened varied between 55 and 87 percent per sector. There was insufficient attention for relatively simple measures.
"Examples of this include: separate areas for eating/drinking, changing clothes, lids on barrels to prevent unnecessary exposure, proper packaging and pipes (no leaks), no storage of hazardous substances in the workplace," writes the Labour Inspectorate.
The inspections showed, among other things, that employers "have insufficient knowledge of the hazardous substances they use and the associated health risks, also in the long term". According to the Labour Inspectorate, approximately 4,100 people die each year from occupational diseases. "Almost 3,000 of them die from exposure to hazardous substances. More than 14,000 occupational diseases are diagnosed each year due to substances."
Short-term thinking
Ultimately, the employer is required to assess the health risks of the hazardous substances, says Erwin Gorissen of the Dutch Association for Occupational and Company Medicine (NVAB) to Trouw. "But if an employer does not do that, there is often no sanction." As a result, many companies do not make a risk analysis. Gorissen also tells the newspaper that this is mainly a financial consideration. Logically, health risks can be discovered earlier if the health of employees is checked preventively. "But the problem with that is that the employer determines what is checked," Gorissen explains. "A comprehensive check costs more money, so many companies only have their employees weighed or their blood pressure measured." It also doesn't make it clear which diseases can be caused by the hazardous substances in the long term. "Many occupational diseases only appear after fifteen or twenty years, but employers only think about the short term," says Gorissen. According to him, action is only taken when employees become ill.
In the Netherlands, there are more than 100,000 companies where employees can come into contact with hazardous substances, reports the Labour Inspectorate. At 40,000 of these companies, it concerns substances that can lead to intoxication, poisoning, suffocation, fire or explosions. Furthermore, there are approximately 400 companies that work with large quantities of hazardous substances: so-called Brzo companies (Decree on risks of serious accidents).
Schiphol must better protect employees against carcinogenic emissions
Source: https://nos.nl/artikel/2531228-inspectie-bedrijven-beschermen-personeel-niet-goed-tegen-gevaarlijke-stoffen
Additional investigation into Volksbank, new fine coming
De Volksbank will almost certainly receive a second fine for poor risk management at the bank. Supervisor De Nederlandsche Bank (DNB) has started an additional investigation into the parent company of SNS, ASN and RegioBank at the request of the European Central Bank (ECB). The ECB has asked DNB to look into the way in which de Volksbank maps out the risks of customers with loans, for example, as de Volksbank now reports in the publication of the half-year figures. This is because de Volksbank allegedly underestimated the risks of customer loans for years. The bank has been told by DNB that this could also lead to a fine. Last year, Volksbank already announced that DNB had concluded that the company, still owned by the State, did too little to prevent money laundering and terrorist financing. The background of customers was also not properly checked.
In this case, DNB has been pursuing a process for some time to impose a fine on Volksbank for this. In the past, other banks such as ING and ABN Amro received hefty fines for this. They settled with the Public Prosecution Service for many hundreds of millions of euros. Volksbank cannot yet say how high the fines will be.
'Really complicated'
Roland Boekhout, who started as CEO at Volksbank in May, says in a response that there is "undeniably" still a lot of work to be done at the state bank. He states that some of the problems have now been solved, but some have not. "Many of those problems are really very complicated. It will take years to solve them," he explains. According to Boekhout, this is partly because new requirements are also constantly being imposed on banks for money laundering checks and risk management. "For that, you have to build completely new databases and systems. These are problems that will not be solved tomorrow. We have to show the supervisor that we are moving towards that solution. But there is still a lot that needs to be done."
Sale
The problems also cast a shadow over the sale of Volksbank. Recently, NLFI, the institution that manages the shares of banks and insurers that were nationalized during the credit crisis, advised to sell Volksbank . This put an end to the wishes of the House of Representatives to keep the bank in state hands. Meanwhile, Volksbank's profit also fell over the past six months, mainly because less is earned on interest. Boekhout speaks of "a major challenge".
In addition to solving the money laundering and risk problems, he also needs to make the bank more profitable quickly. This needs to be done by increasing efficiency, but also by simply earning more. "We continue to work on more business loans. And try to sell more pension products and insurance. But our main model is to attract savings and offer mortgages. We really need to further optimize that process."
Source: https://nos.nl/artikel/2532499-extra-onderzoek-naar-volksbank-nieuwe-boete-komt-eraan
Labor Inspectorate investigates baggage handler at Eindhoven Airport
There are major concerns about the staff shortage at Skytanking, the baggage handler for Ryanair flights at Eindhoven Airport. Insiders tell Omroep Brabant that the staff is struggling with high work pressure and is not always aware of the safety regulations. The Labour Inspectorate is investigating the company. Skytanking has been handling Ryanair's ground handling since April, including loading and unloading baggage and checking in passengers. Yesterday, it emerged that the company was unable to load and unload baggage on time, resulting in several flights leaving without suitcases .
Multiple sources told Omroep Brabant that this was due to the staff shortage at Skytanking. According to insiders, the employees are struggling with high work pressure. Overworked colleagues are dropping out and people are being asked if they can work on their days off due to understaffing. Furthermore, new staff would not be trained sufficiently, which means that the security rules for baggage cannot be properly observed. Skytanking does not take the complaints seriously internally, say insiders.
Prohibited Items
Because new employees are not properly trained, this leads to problems with the baggage check-in process, for example, an employee told the broadcaster.
"When you are at the counter for checking in your hold luggage, someone from Skytanking has to ask you if you have certain items in your luggage. Some employees do not even know what is or is not allowed on a plane," says the employee. "The security questions are simply not asked or not asked properly."
According to the employee, this means that prohibited items such as e-cigarettes or power banks are allowed through in hold luggage. And that would lead to frustration among the staff of the security company, which is responsible for scanning and stopping prohibited luggage.
"Very often they do stop those items, but the risk of prohibited items ending up in the aircraft hold has increased," the employee said.
Official warning
The Labour Inspectorate confirms after reports by Omroep Brabant that an investigation is underway into the baggage handler. The spokesperson does not want to say why the company is being investigated. It is true that the company received an official warning in June for the working conditions at the airport. Eindhoven Airport does not want to comment on the warning to Skytanking or the investigation by the Labour Inspectorate when asked by Omroep Brabant. A spokesperson for the airport told the regional broadcaster that the airport "has no insight into whether there will be any problems" at the company in the coming days.
"How they currently manage the workforce is really primarily up to the company. Monday, the handling is going well," the spokesperson said. Skytanking and Ryanair were not available for comment today, according to Omroep Brabant.
Source: https://nos.nl/artikel/2533058-arbeidsinspectie-doet-onderzoek-naar-bagageafhandelaar-eindhoven-airport
Personal Data Authority imposes highest penalty ever: 290 million euros fine for Uber headquartered in the Netherlands
Taxi service company Uber is being fined 290 million euros by the Dutch Data Protection Authority (AP). This is the highest fine the privacy watchdog has ever imposed. The company, which has its European headquarters in the Netherlands, is being fined because it passed on data from European taxi drivers to the United States without following privacy regulations. AP speaks of "a serious violation". The company collected location data, photos, payment details and identity documents. In some cases, according to AP, criminal and medical data of drivers were also collected. Uber forwarded that information to the company's US headquarters for over two years, without adequately protecting the personal data. Uber took measures at the end of last year, so that the rules are no longer violated.
'Unjustly'
The company announced in a press release that it will appeal the fine, if necessary in court. Uber calls the fine incorrect, unjust and unfair. According to Uber, there was a lack of clarity about the privacy rules, but the company has complied with them anyway. An Uber spokesperson explained to NOS that they themselves had also contacted the AP about the lack of clarity surrounding the privacy rules. According to Uber, the watchdog did not say at the time that the company was violating the rules.
French drivers
The investigation began after more than 170 French drivers filed a complaint with a French human rights organization, which then reported it to the French equivalent of the Dutch Data Protection Authority. The report was then passed on to the Dutch AP, because the European headquarters are in Amsterdam.
The amount was determined using the standard rule that a fine may not exceed 4 percent of a company's global annual turnover. Uber had a turnover of 34.5 billion euros last year.
Third fine
The previous highest fine from the AP was also for Uber . At that time it was an amount of 10 million euros. That fine was imposed because the company had been too indiscreet for years about how long data of European drivers was stored. The company has also appealed against that fine.
The Personal Data Authority also fined Uber in 2018, then with 600,000 euros. The company received that fine because a data leak was reported too late.
Source: https://nos.nl/artikel/2534629-privacywaakhond-legt-hoogste-straf-ooit-op-290-miljoen-euro-boete-voor-uber
Due to a malfunction in the IT system of the Ministry of Defence, various government services have been affected. The malfunction caused problems at, among others, emergency services, the Coast Guard, the Royal Military Police, DigiD, a number of municipal services and the GGD. The problems have now been resolved at some of the services.
Due to the outage, no air traffic was possible to and from Eindhoven Airport all day. The airport now reports that the processes for resuming air traffic are being restarted. In practice, this means that the airport will see which aircraft can depart first and which passengers are allowed through security checks. Eindhoven Airport is the civilian part of the Eindhoven military air base and therefore falls under the management of Defence.
Emergency services experienced problems with their communication and alarm system as a result of the outage, making it more difficult for them to communicate with each other. The Utrecht Safety Region reports that all systems within their region are now working as usual. Other safety regions have not yet reported that their systems are working again.
Since 10:30 pm
It appears that the outage started last night around 22:30. The cause is still unclear. It is also unclear whether it is a deliberate attack or a technical problem, whether or not caused by human error. The Ministry of the Interior says that the extent and impact are still being mapped out. The cabinet is not yet making any statements about the circumstances. When asked what the cause was, Prime Minister Schoof replied: "No idea". Minister of Defence Brekelmans also does not want to speculate about the cause until it has been "determined with one hundred percent certainty". Brekelmans also does not want to say whether it has been ruled out that it was a cyber attack.
National Cyber Security Center flattened
The National Cyber Security Center (NCSC) wrote earlier today on X that several users of the data center and their IT services were affected. As a result, it was not possible for the government organization to send out security advice, which is done, for example, when a vulnerability is found in software. The NCSC now writes that the security advice is again available to everyone.
Security advice is also available to everyone via our website https://t.co/cDlEZlFbke
Independent tech expert Bert Hubert calls it "remarkable" that the outage has lasted so long. "It was already clear last night that this was a major problem." He suspects that it is a problem with the software. "Cables break all the time, but then we always hear quickly about plans to fix them. We hear nothing about that now." We are far too dependent on a network that we cannot repair within twelve hours, he believes. "I just read that the National Cyber Security Center is unable to send security messages. Their entire office is down, because they have no alternatives. It is as if the fire department says that they cannot come and put out a fire because the barracks are on fire."
P2000 and C2000
According to a spokesperson for the Utrecht safety region, the outage caused problems with the P2000 alarm system and the C2000 communication system. Officers on the street are connected to each other and to the control room via C2000. Other emergency services that use the network, including the coast guard, BOAs and the Royal Marechaussee, are also affected by the outage. With P2000, control rooms can call emergency services. The fire brigade, police and ambulance are among those connected to the reporting system. In the Utrecht Safety Region, all systems are working again. According to a spokesperson, there were no problems during the outage. The emergency services communicated temporarily by phone or SMS.
DigiD also affected
DigiD is also experiencing a malfunction. It is not clear whether it has the same cause. People can still use the service, but it is not possible to receive an SMS code to log in with. It is also currently not possible to apply for a DigiD account. Minister of Justice Van Weel responds that in the digital age, it will happen more often that crucial systems fail due to malfunctions. He believes that citizens and institutions should become more resilient to malfunctions like this. Better cybersecurity, such as making regular backups, can prevent situations like this, according to the minister.
Inspection: companies do not protect staff properly against hazardous substances
Companies must pay more attention to protecting personnel who work with hazardous substances. This is the conclusion drawn by the Labour Inspectorate in a new report. In the report , which was published two weeks ago, the inspectorate states, among other things, that employers do not take enough general, preventive measures.
Over the past four years, the Labour Inspectorate has carried out (re)inspections at hundreds of companies from dozens of sectors. These inspections looked at how the companies deal with, for example, cleaning tankers, diesel engine emissions, the production of glue and the release of welding fumes and wood dust. These are substances that can cause cancer, damage genes or are harmful to reproduction.
Insufficient knowledge
The percentage of companies where the inspection intervened varied between 55 and 87 percent per sector. There was insufficient attention for relatively simple measures.
"Examples of this include: separate areas for eating/drinking, changing clothes, lids on barrels to prevent unnecessary exposure, proper packaging and pipes (no leaks), no storage of hazardous substances in the workplace," writes the Labour Inspectorate.
The inspections showed, among other things, that employers "have insufficient knowledge of the hazardous substances they use and the associated health risks, also in the long term". According to the Labour Inspectorate, approximately 4,100 people die each year from occupational diseases. "Almost 3,000 of them die from exposure to hazardous substances. More than 14,000 occupational diseases are diagnosed each year due to substances."
Short-term thinking
Ultimately, the employer is required to assess the health risks of the hazardous substances, says Erwin Gorissen of the Dutch Association for Occupational and Company Medicine (NVAB) to Trouw. "But if an employer does not do that, there is often no sanction." As a result, many companies do not make a risk analysis. Gorissen also tells the newspaper that this is mainly a financial consideration. Logically, health risks can be discovered earlier if the health of employees is checked preventively. "But the problem with that is that the employer determines what is checked," Gorissen explains. "A comprehensive check costs more money, so many companies only have their employees weighed or their blood pressure measured." It also doesn't make it clear which diseases can be caused by the hazardous substances in the long term. "Many occupational diseases only appear after fifteen or twenty years, but employers only think about the short term," says Gorissen. According to him, action is only taken when employees become ill.
In the Netherlands, there are more than 100,000 companies where employees can come into contact with hazardous substances, reports the Labour Inspectorate. At 40,000 of these companies, it concerns substances that can lead to intoxication, poisoning, suffocation, fire or explosions. Furthermore, there are approximately 400 companies that work with large quantities of hazardous substances: so-called Brzo companies (Decree on risks of serious accidents).
Schiphol must better protect employees against carcinogenic emissions
Source: https://nos.nl/artikel/2531228-inspectie-bedrijven-beschermen-personeel-niet-goed-tegen-gevaarlijke-stoffen
Additional investigation into Volksbank, new fine coming
De Volksbank will almost certainly receive a second fine for poor risk management at the bank. Supervisor De Nederlandsche Bank (DNB) has started an additional investigation into the parent company of SNS, ASN and RegioBank at the request of the European Central Bank (ECB). The ECB has asked DNB to look into the way in which de Volksbank maps out the risks of customers with loans, for example, as de Volksbank now reports in the publication of the half-year figures. This is because de Volksbank allegedly underestimated the risks of customer loans for years. The bank has been told by DNB that this could also lead to a fine. Last year, Volksbank already announced that DNB had concluded that the company, still owned by the State, did too little to prevent money laundering and terrorist financing. The background of customers was also not properly checked.
In this case, DNB has been pursuing a process for some time to impose a fine on Volksbank for this. In the past, other banks such as ING and ABN Amro received hefty fines for this. They settled with the Public Prosecution Service for many hundreds of millions of euros. Volksbank cannot yet say how high the fines will be.
'Really complicated'
Roland Boekhout, who started as CEO at Volksbank in May, says in a response that there is "undeniably" still a lot of work to be done at the state bank. He states that some of the problems have now been solved, but some have not. "Many of those problems are really very complicated. It will take years to solve them," he explains. According to Boekhout, this is partly because new requirements are also constantly being imposed on banks for money laundering checks and risk management. "For that, you have to build completely new databases and systems. These are problems that will not be solved tomorrow. We have to show the supervisor that we are moving towards that solution. But there is still a lot that needs to be done."
Sale
The problems also cast a shadow over the sale of Volksbank. Recently, NLFI, the institution that manages the shares of banks and insurers that were nationalized during the credit crisis, advised to sell Volksbank . This put an end to the wishes of the House of Representatives to keep the bank in state hands. Meanwhile, Volksbank's profit also fell over the past six months, mainly because less is earned on interest. Boekhout speaks of "a major challenge".
In addition to solving the money laundering and risk problems, he also needs to make the bank more profitable quickly. This needs to be done by increasing efficiency, but also by simply earning more. "We continue to work on more business loans. And try to sell more pension products and insurance. But our main model is to attract savings and offer mortgages. We really need to further optimize that process."
Source: https://nos.nl/artikel/2532499-extra-onderzoek-naar-volksbank-nieuwe-boete-komt-eraan
Labor Inspectorate investigates baggage handler at Eindhoven Airport
There are major concerns about the staff shortage at Skytanking, the baggage handler for Ryanair flights at Eindhoven Airport. Insiders tell Omroep Brabant that the staff is struggling with high work pressure and is not always aware of the safety regulations. The Labour Inspectorate is investigating the company. Skytanking has been handling Ryanair's ground handling since April, including loading and unloading baggage and checking in passengers. Yesterday, it emerged that the company was unable to load and unload baggage on time, resulting in several flights leaving without suitcases .
Multiple sources told Omroep Brabant that this was due to the staff shortage at Skytanking. According to insiders, the employees are struggling with high work pressure. Overworked colleagues are dropping out and people are being asked if they can work on their days off due to understaffing. Furthermore, new staff would not be trained sufficiently, which means that the security rules for baggage cannot be properly observed. Skytanking does not take the complaints seriously internally, say insiders.
Prohibited Items
Because new employees are not properly trained, this leads to problems with the baggage check-in process, for example, an employee told the broadcaster.
"When you are at the counter for checking in your hold luggage, someone from Skytanking has to ask you if you have certain items in your luggage. Some employees do not even know what is or is not allowed on a plane," says the employee. "The security questions are simply not asked or not asked properly."
According to the employee, this means that prohibited items such as e-cigarettes or power banks are allowed through in hold luggage. And that would lead to frustration among the staff of the security company, which is responsible for scanning and stopping prohibited luggage.
"Very often they do stop those items, but the risk of prohibited items ending up in the aircraft hold has increased," the employee said.
Official warning
The Labour Inspectorate confirms after reports by Omroep Brabant that an investigation is underway into the baggage handler. The spokesperson does not want to say why the company is being investigated. It is true that the company received an official warning in June for the working conditions at the airport. Eindhoven Airport does not want to comment on the warning to Skytanking or the investigation by the Labour Inspectorate when asked by Omroep Brabant. A spokesperson for the airport told the regional broadcaster that the airport "has no insight into whether there will be any problems" at the company in the coming days.
"How they currently manage the workforce is really primarily up to the company. Monday, the handling is going well," the spokesperson said. Skytanking and Ryanair were not available for comment today, according to Omroep Brabant.
Source: https://nos.nl/artikel/2533058-arbeidsinspectie-doet-onderzoek-naar-bagageafhandelaar-eindhoven-airport
Personal Data Authority imposes highest penalty ever: 290 million euros fine for Uber headquartered in the Netherlands
Taxi service company Uber is being fined 290 million euros by the Dutch Data Protection Authority (AP). This is the highest fine the privacy watchdog has ever imposed. The company, which has its European headquarters in the Netherlands, is being fined because it passed on data from European taxi drivers to the United States without following privacy regulations. AP speaks of "a serious violation". The company collected location data, photos, payment details and identity documents. In some cases, according to AP, criminal and medical data of drivers were also collected. Uber forwarded that information to the company's US headquarters for over two years, without adequately protecting the personal data. Uber took measures at the end of last year, so that the rules are no longer violated.
'Unjustly'
The company announced in a press release that it will appeal the fine, if necessary in court. Uber calls the fine incorrect, unjust and unfair. According to Uber, there was a lack of clarity about the privacy rules, but the company has complied with them anyway. An Uber spokesperson explained to NOS that they themselves had also contacted the AP about the lack of clarity surrounding the privacy rules. According to Uber, the watchdog did not say at the time that the company was violating the rules.
French drivers
The investigation began after more than 170 French drivers filed a complaint with a French human rights organization, which then reported it to the French equivalent of the Dutch Data Protection Authority. The report was then passed on to the Dutch AP, because the European headquarters are in Amsterdam.
The amount was determined using the standard rule that a fine may not exceed 4 percent of a company's global annual turnover. Uber had a turnover of 34.5 billion euros last year.
Third fine
The previous highest fine from the AP was also for Uber . At that time it was an amount of 10 million euros. That fine was imposed because the company had been too indiscreet for years about how long data of European drivers was stored. The company has also appealed against that fine.
The Personal Data Authority also fined Uber in 2018, then with 600,000 euros. The company received that fine because a data leak was reported too late.
Source: https://nos.nl/artikel/2534629-privacywaakhond-legt-hoogste-straf-ooit-op-290-miljoen-euro-boete-voor-uber
Translated from Dutch to English with Google translate