Dutch authorities defend COVID-19 digital testing system despite security breach
Dutch authorities have defended the country’s COVID-19 digital testing system after a “serious” security breach was discovered.
A RTL Nieuws survey found a major leak on the website of Testcoronanu, a Dutch company linked to the government website.
The investigation revealed that any online user can access Testcoronanu’s records and create false negative test certificates in the Dutch CoronaCheck app.
Users could change two lines of coding to automatically create a valid negative COVID-19 certificate, he said.
RTL Nieuws also found that the leak compromised the personal information of more than 60,000 citizens – who had taken a coronavirus test with the company.
The Dutch Ministry of Public Health, Welfare and Sports shut down the Testcoronanu website on Sunday and urged citizens to book a new test with another company.
But despite the investigation, authorities backed the system and said the country’s plans for a digital green certificate had not been affected.
“A serious information security breach was present,” said a joint statement from the Dutch ministers of health and infrastructure.
“The vulnerability found at Testcoronanu BV is so severe that the connection was immediately suspended,” he added, adding that the leak had also been reported to the Dutch data protection authority.
“We have not received any signal that anyone other than the RTL reporter has gained access to the database.”
Authorities added that Testcoronanu had met the country’s “strict” requirements to log into the country’s COVID-19 app and said they were further investigating the security of the company.
Testcoronanu has ten locations in the Netherlands and has performed over 3,000 COVID-19 tests every day.
“We would like to stress that the serious vulnerability found only affects one of the test providers connected to CoronaCheck and that action was taken immediately,” the statement added.
“The security and reliability of the CoronaCheck application has not been compromised.”
The European Union has already been warned about the security of COVID-19 digital certificates, in order to protect them from cybercriminals.