Headlines May
Alphen municipality leaks residents' data via double-sided printed letters
The Municipality of Alphen aan den Rijn has warned residents about a data leak caused by double-sided printed letters. The error occurred when sending letters to people in debt to the municipality's Serviceplein. ‘Due to human error, the letters were accidentally printed double-sided, resulting in two letters ending up on one paper,’ the municipality said.
As a result, some of the recipients received details of other people in debt. After discovering the data leak, the municipality sent a letter of apology to all those affected, asking them to immediately destroy the double-sided letter. In addition, the apology letter stated who the affected residents could contact for information and where to file a complaint.
The municipality has reported the data breach to the Personal Data Authority (AP). Last year, the AP received almost 26,000 reports of data breaches. In 10,000 cases, they involved data leaks due to mistakenly sent letters containing personal data. ‘Only if there is a serious privacy breach should this type of data breach be reported to the AP,’ the privacy regulator explains in the annual report.
Source: https://www.security.nl/posting/840923/Gemeente+Alphen+lekt+gegevens+inwoners+via+dubbelzijdig+geprinte+brieven?channel=twitter
Distribution center Vice Versa destroyed, fire not yet under control after 24 hours
The Vice Versa distribution center on Kanaalstraat in Oss burned to the ground, but the fire brigade still cannot control the fire. The Brabant-Noord safety region reported this on Saturday morning, a day after the fire started. The adjacent buildings have been spared. The fire brigade has been extinguishing the fire since half past four on Thursday night. The fire only grew bigger during Friday evening. “Everything we have is being used.” says a spokesperson for the Brabant-Noord Safety Region. Late on Friday evening, he did not dare to say how quickly the sea of fire could be overcome. But it was already clear at that time that not much progress was being made. "It's not working out the way we would like to see."
Twenty degrees below zero
The fire brigade is present at the company in Oss with various fire brigades, more than 250 people strong. They try with all their might to put out the fire, but cannot do so from within. The fire is in a large cold room of the company where it is 20 degrees below zero, causing fire hoses to freeze. The building is very slippery due to frozen fire extinguishing water. "We can only extinguish the fire from the outside. That is much less effective," the spokesperson said. Parts of the building were also on the verge of collapse, meaning firefighters could not extinguish the fire at close range. The smoke could be seen in the area on Friday evening.
Stop lines
The fire brigade hoped on Friday evening that the fire could be stopped by installing stop lines. "Then you make a separation in places, for example where a building ends. There you try to extinguish the fires with water cannons to prevent the fire from spreading." Residents of Vechtstraat and IJsselstraat were unable to spend the night at home due to the smoke. They looked at whether they could stay with family or friends. If that didn't work, they received help from the municipality of Oss to find a hotel or other place.
NL-Alert
The smoke spread throughout the area and could be seen from the A59, in Heesch and even Nijmegen. At the beginning of the evening, an NL Alert was sent to local residents. According to the safety region, no harmful substances were released during the fire. However, many particles from burned solar panels have blown into the environment. These are not dangerous in themselves, but can be sharp.
Keeping livestock indoors
Local residents are advised not to pick up soot particles in their garden with their bare hands, but with gloves, and to wash their hands afterwards. Larger particles must be reported to the municipality of Oss. In addition, dog owners are advised to take steps when walking their dog. "Don't let these eat soot particles!" Farmers in the area have been asked to keep their livestock indoors for the time being. The animals can ingest soot particles when grazing and this can be harmful.
Burning distribution center is difficult to extinguish: 'It will last a while'
The fire in the logistics company Vice Versa in Oss has still not been extinguished. The fire was discovered around half past four on Friday morning at the logistics company that transports refrigerated and frozen products. According to the fire brigade, it is food that is on fire. The fire spreads out of the building at the beginning of the evening. The smoke can therefore be seen far into the area. This is a complex fire, because the fire rages in a cold room. The fire extinguishing water is frozen, making it very slippery and that makes the situation unsafe to enter at the moment, a spokesperson explains. The temperature in the cold rooms is minus twenty degrees. Local residents have received a NL alert. They are advised to keep their windows and doors closed because of the smoke. "Despite the cold, things can still catch fire," explains a firefighter present at the fire. "Cold and fire are two different forces, but it is still possible."
This concerns large foodstuffs that are stored on high shelves. According to the firefighter, the seat of the fire is difficult to reach and that is the biggest problem when extinguishing the fire. "We are trying to extinguish the fire largely from within. This will take some time. We are still fine with it for the time being," says the firefighter. The Brabant-Noord Safety Region says on X that the fire brigade has difficulty reaching the fire due to the slippery cold room. A fire-fighting robot is being used to get the fire under control. Various fire brigades from throughout the region and even from other parts of the country are helping to extinguish the fire. Water is supplied from the Burgemeester Jansenhaven so that there is enough fire extinguishing water. Kanaalstraat is therefore closed to traffic. Several companies are therefore not reachable.
Source: https://www.omroepbrabant.nl/nieuws/4464836/distributiecentrum-verwoest-brand-is-na-24-uur-nog-niet-onder-controle
Moth infestation at Rabobank headquarters: 'They flutter around'
The Rabobank head office suffered from a moth infestation for more than a year. The 26-storey building on Croeselaan suffered from moths and larvae. A Rabobank employee says that moths flew over the work floor. “I saw pictures of larvae falling out of the wall last year,” the employee said. "Now the moths are already fluttering around, but not as many as last year." Everything necessary was done to combat the moths. According to the employee, there were traps hanging throughout the building to catch the moths. Various pesticide sprays were also used last year. Other employees confirm that there are indeed moths flying around the office. One of them says that the cause has already been found and that things have not been so bad since then.
Cause known
The problem with the moths was indeed known before, a spokesperson for Rabobank confirms. This year this was on a larger scale than last year, after which it was decided to remove insulation material. On floors 4 to 24, the moths laid larvae in the insulation material. From the beginning of April, all floors were closed in turn and the material was removed. The insulation material turned out to be the culprit. "We wanted to use nice biological material for the acoustics, so that you were not too bothered by a colleague who was talking on the phone next to you. But the moths turned out to be crazy about that. They laid eggs in the material," says the spokesperson. When spring came, the eggs hatched and employees started experiencing problems.
The biological material was removed last month. "It was an unpleasant situation for colleagues, but it has now been addressed," the spokesperson said. Rabobank does not make any statement about how much it cost to replace the material.
Source: https://www.rtvutrecht.nl/nieuws/3733312/mottenplaag-bij-hoofdkantoor-rabobank-ze-fladderen-rond
National PIN failure, many payments failed
A PIN failure caused problems with payments for hours this evening. A spokesperson for the Dutch Payments Association estimated that 30 to 40 percent of all debit card payments were affected. He spoke of a "major disruption". ATMs were not affected by the outage.
The outage started around 6 p.m. and was resolved after a few hours. It appears that the problems started with a transaction processor, says the spokesperson for the Dutch Payments Association. The PIN disruptions led to disappointment among people in supermarkets and shops. At an IKEA branch in Haarlem, staff handed out cookies. At various supermarkets, people were asked at the entrance if people could pay in cash. Otherwise they wouldn't be allowed in.
Source: https://nos.nl/artikel/2520741-landelijke-pinstoring-veel-betalingen-mislukken
Cat caused more than three tonnes worth of damage to new Noardeast-Fryslân town hall
The red cat that flooded part of North-East Fryslân's town hall last year caused damage worth almost 325,000 euros. Initially, the damage was still estimated at several tens of thousands of euros.The town hall in Dokkum was under renovation last year when an employee discovered a cat roaming the building. The creature was so fast and clever that it did not succeed in catching it. It was therefore decided to seal off the building.
Later, the cat probably opened a tap, causing moisture in the walls and furniture. The water also leaked through the floor into the basement.
New walls and floors replaced immediately
Due to the damage, part of the town hall could only reopen later after the renovation. Among other things, walls and floors had to be replaced.
Alderman Bert Koonstra initially thought the damage would run into tens of thousands of euros. Later that was adjusted upwards and now the total damage appears to be over three tons. ‘The damage is covered by the insurance,’ says Koonstra. ‘With that, we can also close this cat case.’
Source: https://www.omropfryslan.nl/nl/nieuws/16541037/kat-veroorzaakte-voor-meer-dan-drie-ton-aan-schade-aan-nieuw-gemeentehuis-noardeast-fryslan
Hospital cancels almost all planned care after partial collapse of parking garage
St. Antonius Hospital cancels almost all planned care for Monday. The Nieuwegein hospital decided this after part of the parking garage collapsed on Sunday evening. According to the hospital, it is not possible to offer a good alternative to all patients and employees who would come by car so soon after the incident. Only planned care that really cannot wait, such as dialysis and heart procedures, will continue. But according to the spokesperson, this is only a very small part of the planned interventions.
The hospital asks employees, patients and visitors to only come to the hospital when necessary and to use public transport or bicycle as much as possible. Care in the hospital's nursing wards continues unchanged. The hospital did not have to evacuate parts of the building. The parking garage will most likely remain closed for a longer period of time. "That cannot be arranged in a week," a spokesperson for St. Antonius Hospital told NU.nl. On Sunday, all ramps of the parking garage managed by Q-Park collapsed due to an unknown cause. The emergency services that arrived en masse found no people under the rubble. One person was present in the garage when it partially collapsed. He was not injured.
Source: https://www.nu.nl/parkeergarage-nieuwegein/6314417/ziekenhuis-zegt-haast-alle-planbare-zorg-af-na-deels-instorten-parkeergarage.html
Supplier ABN AMRO hit by ransomware
Last week, a supplier of ABN AMRO, AddComm, was hit by a ransomware attack. This may have given unauthorized persons access to ABN AMRO customer data. This concerns a limited number of customers. Customers who may have been affected will be contacted by us in writing. We deeply regret this situation at our supplier and offer our sincere apologies.
Impact on customer data
At this time there are no indications that unauthorized persons have actually used the customer data. ABN AMRO's systems were not affected.
What measures have been taken?
Immediately after the discovery of the ransomware, AddComm hired external cybersecurity experts and subsequently informed its customers, including ABN AMRO. ABN AMRO is in close contact with AddComm and has temporarily stopped providing services with this supplier.
What is being done now?
External cybersecurity experts at AddComm are currently investigating exactly what data has been stolen. We are contacting customers whose data may have been involved in this attack in writing.
Report to the Dutch Data Protection Authority
The data breach was reported by ABN AMRO to the Dutch Data Protection Authority and supervisors. A report to the police is prepared by AddComm.
Source: https://www.abnamro.com/nl/nieuws/leverancier-abn-amro-geraakt-door-gijzelsoftware
Phishing attackers remarkably successful at Bunq: ‘Security not an issue’
Phishing scammers are targeting customers of online bank Bunq, managing to loot sums of often tens of thousands of euros per victim. This is according to research by NOS and NRC. According to experts, the attackers' modus operandi is unlikely to be successful with other banks, and the size of the amounts looted is also surprising. Security measures that other banks do have are lacking, and customers are generally not compensated. NOS and NRC verified the stories of 28 victims who were scammed in the past seven months. Together, they lost over 1.6 million euros, an average of almost 60,000 euros per case. Five cases involved amounts of 100,000 euros and more. ‘It all happened at lightning speed, in three quarters of an hour all my savings were gone,’ says Geraldine. She too lost more than a tonne.
‘Security is a top priority at Bunq,’ the bank stated in a written response. ‘That is why we use advanced technologies such as AI, biometric security and secure communication. The only way to become a victim is to give up your personal and login details yourself.’ The bank also claims that ‘the average fraud amount among phishing victims at Bunq is lower’ than at other banks, but would not substantiate this when asked. Legal expenses insurers are also seeing an increase in the number of cases. Moreover, according to judicial sources, the number of ready-made Bunq phishing sites offered on the black market, which criminals can set up without much work, is increasing. Bunq has been offering bank accounts since 2015 and likes to present itself as a contemporary alternative to traditional banks. It has no physical branches and has also been described as primarily a tech company. Last year, it gained many savings customers due to relatively high interest rates.
Unnoticed
That attackers can steal so much money is the bank's fault, experts believe. ‘The banks I know can stop this,’ says fraud expert Pepijn Slappendel of DataExpert, who assists several banks. Shairesh Algoe, responsible for fraud prevention at ABN Amro for years: ‘This is not a new type of attack. You cannot prevent fraud 100%, but I think banks generally detect it.’ ‘We cannot imagine that an expert familiar with the facts would draw such a conclusion,’ Bunq responded. The attackers mainly use two methods. In at least eight cases verified by NIS, they manage to hijack customers' login details as well as the required facial recognition scan, can break into the account and then transfer large sums of money. ‘That's really suspicious behaviour, that should be a red flag,’ says Slappendel. In the other method, which NIS recognised in at least nine cases, the attackers manage to convince victims to install software on their device, which allows them to take control. ‘That's a bit harder to spot, but there are ways to do that too,’ Slappendel said. Security is not a topic that really drives Ali. He just wants to offer the best possible product to customers. (Former Bunq employee)
In recent years, all major banks built in a cooling-off period in the fight against phishing. If a customer wanted to transfer more than their daily limit, they had to raise it and then wait four hours. Bunq never took that measure, but it did something similar: if customers accessed a new device, they had to wait 24 hours before they could transfer money again. That was soon shortened to one hour and then abolished, according to Bunq in response to customer complaints and because it made no difference in practice. The victims are collateral damage, a former Bunq employee tells NOS and NRC. ‘Security is not an issue that really drives Ali,’ he says of Bunq chief Ali Niknam. ‘He just wants to offer the best possible product to customers. That doesn't include having to wait for hours if you want to raise a limit.’ Three other former employees also say the bank subordinates security to user-friendliness, but Bunq argues that this is ‘demonstrably false’.
Settlement
The 28 duped customers are generally angrier at the bank than at the scammers. None of them managed to get in touch with a staff member, everything was done through the chat in the app. It is policy at the bank, which wants to communicate only digitally. Incidentally, the group of 28 victims received an invitation for an interview from Bunq on Thursday afternoon.
‘Gone is gone’
Victims also complain about Bunq's SOS option for fraud cases, which is said to be flawed. They say that application did not make any difference. One customer, Floor Hendriks, felt she was so poorly served at Bunq that she called her other bank's fraud desk. ‘I have my current account at Rabobank; they then helped me there in the middle of the night to file a report,’ she said. She did not hear from Bunq until 10 hours later. Bunq contradicts that the option is useless. ‘This may be the perception of the victims, but it is demonstrably false.’ The handling also differs. Other banks give scam victims their money back in similar cases, if they meet certain conditions. As a rule, victims get nothing back from Bunq. Gone is gone, is Bunq founder Niknam's mantra. ‘It is like giving someone your car keys outside on the street. Then your car is gone,’ Niknam said in conversation with a victim.
Source: https://nos.nl/artikel/2521727-phishing-aanvallers-opvallend-succesvol-bij-bunq-veiligheid-geen-thema
The Municipality of Alphen aan den Rijn has warned residents about a data leak caused by double-sided printed letters. The error occurred when sending letters to people in debt to the municipality's Serviceplein. ‘Due to human error, the letters were accidentally printed double-sided, resulting in two letters ending up on one paper,’ the municipality said.
As a result, some of the recipients received details of other people in debt. After discovering the data leak, the municipality sent a letter of apology to all those affected, asking them to immediately destroy the double-sided letter. In addition, the apology letter stated who the affected residents could contact for information and where to file a complaint.
The municipality has reported the data breach to the Personal Data Authority (AP). Last year, the AP received almost 26,000 reports of data breaches. In 10,000 cases, they involved data leaks due to mistakenly sent letters containing personal data. ‘Only if there is a serious privacy breach should this type of data breach be reported to the AP,’ the privacy regulator explains in the annual report.
Source: https://www.security.nl/posting/840923/Gemeente+Alphen+lekt+gegevens+inwoners+via+dubbelzijdig+geprinte+brieven?channel=twitter
Distribution center Vice Versa destroyed, fire not yet under control after 24 hours
The Vice Versa distribution center on Kanaalstraat in Oss burned to the ground, but the fire brigade still cannot control the fire. The Brabant-Noord safety region reported this on Saturday morning, a day after the fire started. The adjacent buildings have been spared. The fire brigade has been extinguishing the fire since half past four on Thursday night. The fire only grew bigger during Friday evening. “Everything we have is being used.” says a spokesperson for the Brabant-Noord Safety Region. Late on Friday evening, he did not dare to say how quickly the sea of fire could be overcome. But it was already clear at that time that not much progress was being made. "It's not working out the way we would like to see."
Twenty degrees below zero
The fire brigade is present at the company in Oss with various fire brigades, more than 250 people strong. They try with all their might to put out the fire, but cannot do so from within. The fire is in a large cold room of the company where it is 20 degrees below zero, causing fire hoses to freeze. The building is very slippery due to frozen fire extinguishing water. "We can only extinguish the fire from the outside. That is much less effective," the spokesperson said. Parts of the building were also on the verge of collapse, meaning firefighters could not extinguish the fire at close range. The smoke could be seen in the area on Friday evening.
Stop lines
The fire brigade hoped on Friday evening that the fire could be stopped by installing stop lines. "Then you make a separation in places, for example where a building ends. There you try to extinguish the fires with water cannons to prevent the fire from spreading." Residents of Vechtstraat and IJsselstraat were unable to spend the night at home due to the smoke. They looked at whether they could stay with family or friends. If that didn't work, they received help from the municipality of Oss to find a hotel or other place.
NL-Alert
The smoke spread throughout the area and could be seen from the A59, in Heesch and even Nijmegen. At the beginning of the evening, an NL Alert was sent to local residents. According to the safety region, no harmful substances were released during the fire. However, many particles from burned solar panels have blown into the environment. These are not dangerous in themselves, but can be sharp.
Keeping livestock indoors
Local residents are advised not to pick up soot particles in their garden with their bare hands, but with gloves, and to wash their hands afterwards. Larger particles must be reported to the municipality of Oss. In addition, dog owners are advised to take steps when walking their dog. "Don't let these eat soot particles!" Farmers in the area have been asked to keep their livestock indoors for the time being. The animals can ingest soot particles when grazing and this can be harmful.
Burning distribution center is difficult to extinguish: 'It will last a while'
The fire in the logistics company Vice Versa in Oss has still not been extinguished. The fire was discovered around half past four on Friday morning at the logistics company that transports refrigerated and frozen products. According to the fire brigade, it is food that is on fire. The fire spreads out of the building at the beginning of the evening. The smoke can therefore be seen far into the area. This is a complex fire, because the fire rages in a cold room. The fire extinguishing water is frozen, making it very slippery and that makes the situation unsafe to enter at the moment, a spokesperson explains. The temperature in the cold rooms is minus twenty degrees. Local residents have received a NL alert. They are advised to keep their windows and doors closed because of the smoke. "Despite the cold, things can still catch fire," explains a firefighter present at the fire. "Cold and fire are two different forces, but it is still possible."
This concerns large foodstuffs that are stored on high shelves. According to the firefighter, the seat of the fire is difficult to reach and that is the biggest problem when extinguishing the fire. "We are trying to extinguish the fire largely from within. This will take some time. We are still fine with it for the time being," says the firefighter. The Brabant-Noord Safety Region says on X that the fire brigade has difficulty reaching the fire due to the slippery cold room. A fire-fighting robot is being used to get the fire under control. Various fire brigades from throughout the region and even from other parts of the country are helping to extinguish the fire. Water is supplied from the Burgemeester Jansenhaven so that there is enough fire extinguishing water. Kanaalstraat is therefore closed to traffic. Several companies are therefore not reachable.
Source: https://www.omroepbrabant.nl/nieuws/4464836/distributiecentrum-verwoest-brand-is-na-24-uur-nog-niet-onder-controle
Moth infestation at Rabobank headquarters: 'They flutter around'
The Rabobank head office suffered from a moth infestation for more than a year. The 26-storey building on Croeselaan suffered from moths and larvae. A Rabobank employee says that moths flew over the work floor. “I saw pictures of larvae falling out of the wall last year,” the employee said. "Now the moths are already fluttering around, but not as many as last year." Everything necessary was done to combat the moths. According to the employee, there were traps hanging throughout the building to catch the moths. Various pesticide sprays were also used last year. Other employees confirm that there are indeed moths flying around the office. One of them says that the cause has already been found and that things have not been so bad since then.
Cause known
The problem with the moths was indeed known before, a spokesperson for Rabobank confirms. This year this was on a larger scale than last year, after which it was decided to remove insulation material. On floors 4 to 24, the moths laid larvae in the insulation material. From the beginning of April, all floors were closed in turn and the material was removed. The insulation material turned out to be the culprit. "We wanted to use nice biological material for the acoustics, so that you were not too bothered by a colleague who was talking on the phone next to you. But the moths turned out to be crazy about that. They laid eggs in the material," says the spokesperson. When spring came, the eggs hatched and employees started experiencing problems.
The biological material was removed last month. "It was an unpleasant situation for colleagues, but it has now been addressed," the spokesperson said. Rabobank does not make any statement about how much it cost to replace the material.
Source: https://www.rtvutrecht.nl/nieuws/3733312/mottenplaag-bij-hoofdkantoor-rabobank-ze-fladderen-rond
National PIN failure, many payments failed
A PIN failure caused problems with payments for hours this evening. A spokesperson for the Dutch Payments Association estimated that 30 to 40 percent of all debit card payments were affected. He spoke of a "major disruption". ATMs were not affected by the outage.
The outage started around 6 p.m. and was resolved after a few hours. It appears that the problems started with a transaction processor, says the spokesperson for the Dutch Payments Association. The PIN disruptions led to disappointment among people in supermarkets and shops. At an IKEA branch in Haarlem, staff handed out cookies. At various supermarkets, people were asked at the entrance if people could pay in cash. Otherwise they wouldn't be allowed in.
Source: https://nos.nl/artikel/2520741-landelijke-pinstoring-veel-betalingen-mislukken
Cat caused more than three tonnes worth of damage to new Noardeast-Fryslân town hall
The red cat that flooded part of North-East Fryslân's town hall last year caused damage worth almost 325,000 euros. Initially, the damage was still estimated at several tens of thousands of euros.The town hall in Dokkum was under renovation last year when an employee discovered a cat roaming the building. The creature was so fast and clever that it did not succeed in catching it. It was therefore decided to seal off the building.
Later, the cat probably opened a tap, causing moisture in the walls and furniture. The water also leaked through the floor into the basement.
New walls and floors replaced immediately
Due to the damage, part of the town hall could only reopen later after the renovation. Among other things, walls and floors had to be replaced.
Alderman Bert Koonstra initially thought the damage would run into tens of thousands of euros. Later that was adjusted upwards and now the total damage appears to be over three tons. ‘The damage is covered by the insurance,’ says Koonstra. ‘With that, we can also close this cat case.’
Source: https://www.omropfryslan.nl/nl/nieuws/16541037/kat-veroorzaakte-voor-meer-dan-drie-ton-aan-schade-aan-nieuw-gemeentehuis-noardeast-fryslan
Hospital cancels almost all planned care after partial collapse of parking garage
St. Antonius Hospital cancels almost all planned care for Monday. The Nieuwegein hospital decided this after part of the parking garage collapsed on Sunday evening. According to the hospital, it is not possible to offer a good alternative to all patients and employees who would come by car so soon after the incident. Only planned care that really cannot wait, such as dialysis and heart procedures, will continue. But according to the spokesperson, this is only a very small part of the planned interventions.
The hospital asks employees, patients and visitors to only come to the hospital when necessary and to use public transport or bicycle as much as possible. Care in the hospital's nursing wards continues unchanged. The hospital did not have to evacuate parts of the building. The parking garage will most likely remain closed for a longer period of time. "That cannot be arranged in a week," a spokesperson for St. Antonius Hospital told NU.nl. On Sunday, all ramps of the parking garage managed by Q-Park collapsed due to an unknown cause. The emergency services that arrived en masse found no people under the rubble. One person was present in the garage when it partially collapsed. He was not injured.
Source: https://www.nu.nl/parkeergarage-nieuwegein/6314417/ziekenhuis-zegt-haast-alle-planbare-zorg-af-na-deels-instorten-parkeergarage.html
Supplier ABN AMRO hit by ransomware
Last week, a supplier of ABN AMRO, AddComm, was hit by a ransomware attack. This may have given unauthorized persons access to ABN AMRO customer data. This concerns a limited number of customers. Customers who may have been affected will be contacted by us in writing. We deeply regret this situation at our supplier and offer our sincere apologies.
Impact on customer data
At this time there are no indications that unauthorized persons have actually used the customer data. ABN AMRO's systems were not affected.
What measures have been taken?
Immediately after the discovery of the ransomware, AddComm hired external cybersecurity experts and subsequently informed its customers, including ABN AMRO. ABN AMRO is in close contact with AddComm and has temporarily stopped providing services with this supplier.
What is being done now?
External cybersecurity experts at AddComm are currently investigating exactly what data has been stolen. We are contacting customers whose data may have been involved in this attack in writing.
Report to the Dutch Data Protection Authority
The data breach was reported by ABN AMRO to the Dutch Data Protection Authority and supervisors. A report to the police is prepared by AddComm.
Source: https://www.abnamro.com/nl/nieuws/leverancier-abn-amro-geraakt-door-gijzelsoftware
Phishing attackers remarkably successful at Bunq: ‘Security not an issue’
Phishing scammers are targeting customers of online bank Bunq, managing to loot sums of often tens of thousands of euros per victim. This is according to research by NOS and NRC. According to experts, the attackers' modus operandi is unlikely to be successful with other banks, and the size of the amounts looted is also surprising. Security measures that other banks do have are lacking, and customers are generally not compensated. NOS and NRC verified the stories of 28 victims who were scammed in the past seven months. Together, they lost over 1.6 million euros, an average of almost 60,000 euros per case. Five cases involved amounts of 100,000 euros and more. ‘It all happened at lightning speed, in three quarters of an hour all my savings were gone,’ says Geraldine. She too lost more than a tonne.
‘Security is a top priority at Bunq,’ the bank stated in a written response. ‘That is why we use advanced technologies such as AI, biometric security and secure communication. The only way to become a victim is to give up your personal and login details yourself.’ The bank also claims that ‘the average fraud amount among phishing victims at Bunq is lower’ than at other banks, but would not substantiate this when asked. Legal expenses insurers are also seeing an increase in the number of cases. Moreover, according to judicial sources, the number of ready-made Bunq phishing sites offered on the black market, which criminals can set up without much work, is increasing. Bunq has been offering bank accounts since 2015 and likes to present itself as a contemporary alternative to traditional banks. It has no physical branches and has also been described as primarily a tech company. Last year, it gained many savings customers due to relatively high interest rates.
Unnoticed
That attackers can steal so much money is the bank's fault, experts believe. ‘The banks I know can stop this,’ says fraud expert Pepijn Slappendel of DataExpert, who assists several banks. Shairesh Algoe, responsible for fraud prevention at ABN Amro for years: ‘This is not a new type of attack. You cannot prevent fraud 100%, but I think banks generally detect it.’ ‘We cannot imagine that an expert familiar with the facts would draw such a conclusion,’ Bunq responded. The attackers mainly use two methods. In at least eight cases verified by NIS, they manage to hijack customers' login details as well as the required facial recognition scan, can break into the account and then transfer large sums of money. ‘That's really suspicious behaviour, that should be a red flag,’ says Slappendel. In the other method, which NIS recognised in at least nine cases, the attackers manage to convince victims to install software on their device, which allows them to take control. ‘That's a bit harder to spot, but there are ways to do that too,’ Slappendel said. Security is not a topic that really drives Ali. He just wants to offer the best possible product to customers. (Former Bunq employee)
In recent years, all major banks built in a cooling-off period in the fight against phishing. If a customer wanted to transfer more than their daily limit, they had to raise it and then wait four hours. Bunq never took that measure, but it did something similar: if customers accessed a new device, they had to wait 24 hours before they could transfer money again. That was soon shortened to one hour and then abolished, according to Bunq in response to customer complaints and because it made no difference in practice. The victims are collateral damage, a former Bunq employee tells NOS and NRC. ‘Security is not an issue that really drives Ali,’ he says of Bunq chief Ali Niknam. ‘He just wants to offer the best possible product to customers. That doesn't include having to wait for hours if you want to raise a limit.’ Three other former employees also say the bank subordinates security to user-friendliness, but Bunq argues that this is ‘demonstrably false’.
Settlement
The 28 duped customers are generally angrier at the bank than at the scammers. None of them managed to get in touch with a staff member, everything was done through the chat in the app. It is policy at the bank, which wants to communicate only digitally. Incidentally, the group of 28 victims received an invitation for an interview from Bunq on Thursday afternoon.
‘Gone is gone’
Victims also complain about Bunq's SOS option for fraud cases, which is said to be flawed. They say that application did not make any difference. One customer, Floor Hendriks, felt she was so poorly served at Bunq that she called her other bank's fraud desk. ‘I have my current account at Rabobank; they then helped me there in the middle of the night to file a report,’ she said. She did not hear from Bunq until 10 hours later. Bunq contradicts that the option is useless. ‘This may be the perception of the victims, but it is demonstrably false.’ The handling also differs. Other banks give scam victims their money back in similar cases, if they meet certain conditions. As a rule, victims get nothing back from Bunq. Gone is gone, is Bunq founder Niknam's mantra. ‘It is like giving someone your car keys outside on the street. Then your car is gone,’ Niknam said in conversation with a victim.
Source: https://nos.nl/artikel/2521727-phishing-aanvallers-opvallend-succesvol-bij-bunq-veiligheid-geen-thema
Translated from Dutch to English with Google translate