On March 24, RDC received the message that vehicle and personal data are for sale on the internet that may have come from RDC. Immediately after the report, RDC started an investigation to determine whether the data had indeed been obtained through RDC. Further investigation showed that the data did indeed originate from RDC.
This concerns outdated data (from September 2018 to the end of January 2019). Our security log data shows that there has been no question of a hack. We are now investigating how the data ended up outside our domain. When we know more about that, we will get back to you immediately with further information. We are very shocked by this. As a matter of course, we immediately reported it to the Dutch Data Protection Authority. We can imagine that you have questions. You can call the employees of our service desk on 020 – 644 55 53.
If you are approached about this subject by your customers, the press or any other party, you can refer them to us at any time on the above telephone number. We deeply regret this incident, and are doing everything we can to gain insight into how this could have happened, and especially how to prevent it in the future.
On mai 24th RDC gave an update:
We immediately brought in the cybersecurity experts from Fox-IT to conduct forensic investigations with us into the facts of the cyber incident. They have now completed their research and have shared the results with us.
The most important conclusion is that on the basis of the forensic investigation that Fox-IT has done, it cannot be established how the data was accessed. The reason for this is, among other things, that the retention of the various logs was insufficient.