April 27, 2020

Lessons to be learned following Netherlands Covid-19 app data breach

As scientists and technologists around the world race to find solutions to the coronavirus crisis, apps are quickly being developed with data protection being compromised.

The Covid-19 Alert app, developed in the Netherlands, suffered a data breach this week1 when its source code was published online for the purpose of government shortlisting. The rushed action resulted in around 200 names, email addresses and hashed user passwords from another project being exposed.

Kingsley Hayes, managing director at data breach and cybercrime specialist Hayes Connor Solicitors, said: “The current pandemic has made a significant impact on businesses and people, placing unprecedented pressure for a solution and an end to the challenging circumstances we all find ourselves in.

“The race to develop and launch apps to track the spread of Covid-19 has started but the fundamental issue of data privacy is being lost. The data breach suffered in the Netherlands was a result of human error and time pressure exposing the details of nearly 200 individuals in the process.

“The breach occurred in the early stages so while the damage was relatively limited, it’s a sobering thought that the country’s population of in excess of 17 million people could have been using the app with poor security systems and processes in place.

“Reporters at the Guardian were able to access confidential documents relating to the NHSX Covid-19 tracking app being developed in the UK via an unrestricted portal earlier this month2. The memo stated that MPs could be given the right to identify individuals via their smartphones – an alarming fact that has been denied by NHSX.

“There is no doubt that a timely solution to the crisis is urgently required however, data protection must not be a secondary thought. The violation of confidential medical data in these circumstances can have far reaching future consequences for individuals including potentially restricting freedom of movement and impacting employment.

“Researchers in Boston have proposed solutions utilising anoymised ID numbers for users which would serve to both help track and control the virus, while simultaneously preserving individuals’ rights to privacy.

“We find ourselves in incredibly challenging times but while an imminent end to the crisis is sought, data protection, and the damaging effects of data breaches, should remain front of mind.”

For more information about Hayes Connor Solicitors, visit the website at www.hayesconnor.co.uk