The court of Rotterdam obliges software supplier Nebu to tell within two days whether data of millions of Dutch people have been leaked. If the company does not do so, it must pay a penalty of 25,000 euros per day. The data breach may have exposed customer data from many large companies.
Nebu fell victim to a cyber attack on March 10. The break-in was not discovered until a day later. Almost a month later, Nebu is still not sure whether data from market researchers Blauw and USP has also been stolen.
That is important information. Because if data from Blauw and USP are leaked, it concerns the data of millions of Dutch people. The market researchers conduct customer satisfaction surveys on behalf of large companies such as VodafoneZiggo and the Dutch Railways. They use Nebu’s software for this.
According to Blauw, the software supplier is difficult to reach and hardly provides any information about the cyber attack. That is why Blauw and USP have filed summary proceedings against Nebu. With this they want to force Nebu to disclose about the cyber break-in and the size of the data leak.
During the hearing on Tuesday, the judge urged the parties to talk to each other. The companies were given two days to do so.
According to the market researcher, conversations did not yield sufficient results
According to Blauw, those talks have not produced sufficient results. That is why the judge ruled on Thursday in summary proceedings. Blue and USP have been proven right by the judge.
Nebu must give full disclosure. If the company does not do so, it must pay a penalty of 25,000 euros per day, with a maximum of half a million euros.
Blauw and USP are not the only market researchers affected by the data breach. Nebu also supplies its software to other research agencies. The Dutch Data Protection Authority (AP) had already received 139 reports on Wednesday from organizations affected by the data leak at Nebu.
