VTM News and Het Laatste Nieuws report that the Zwijndrecht police fell victim to a hacker. A lot of data was leaked as a result.
The hack was noticed by Daniël Verlaan of RTL Nieuws in the Netherlands. He saw the link to the police data on the internet and forwarded it to Het Laatste Nieuws, among others. The hacker tried to extort the Zwijndrecht police and threatened to put the data online. Money did not yield this hack of the police network, but the perpetrator can say that he has caused one of the largest data breaches ever for the Belgian government.
The hacker would have been able to view police data from 2006 to September 2022. Among those data are “several thousand PVs”, which often also contain photos. In some cases, for example, it even concerns photos of underage, abused victims that have also been leaked. Number plates recorded by ANPR cameras and information obtained by the police from telecom operators also leaked out along with the PVs.
To circumvent the security of the police network, the hacker did not need high-tech equipment or a super-fast computer. The system used by the police to log in remotely was so poorly secured that the password could simply be guessed. Two-step verification was not set up, which made breaking into the system a piece of cake.
Marc Snels, the chief of police of the Zwijndrecht police zone, tells VRT NWS that fortunately the entire network was not hacked. The chief of police says that only the administrative network was affected. It would mainly contain information from the staff such as “employee lists and photos of staff parties”. The thousands of PVs and license plates that have been leaked should actually be on a second, professional server with better security. That this was not the case, according to the police zone, is the result of a “human error”.
After discovering the data breach, the police disconnected all systems and all employees received new passwords. The police will also contact the people whose data was leaked.