Belgium: Belgian DPA announces potential data breach at Bpost
OneTrust DataGuidance writes:
The Belgian Data Protection Authority (‘Belgian DPA’) announced, on 1 December 2020, that it had learned of a potential security incident at Bpost through media articles. In particular, the Belgian DPA outlined that, given the position Bpost plays in Belgian society, a data breach would have made possible access to personal data and the retrieval of individuals’ post. Furthermore, the Belgian DPA highlighted that it had contacted Bpost in order to receive further information on the incident.
You can read the announcement only available in Dutch here and in French here.
According to Wikipedia, Bpost, also known as the Belgian Post Group, is the Belgian company responsible for the delivery of national and international mail. The Belgian Post Group is one of the largest civilian employers in Belgium.
On November 29, FlandersNews.be reported:
A VRT News investigation has uncovered security and privacy issues with the website of the Belgian post office Bpost. Users of the site were not only able to look up the details of a parcel that was on its way to them or their recipient, but also the details of parcels destined for some other recipients. The details given include a code required to pick up the parcel from a Post Point or a Bpost parcel collection machine. Bpost has since corrected the security breach.