Belgian Bank Suspects Data Leak Traces to Ex-Employee
Stock Option Plan Details for Employees of Hundreds of Clients Exposed, Bank Warns
A data leak at a private Belgian bank has exposed private information for hundreds of clients across the country. Brussels-based Degroof Petercam suspects the data was stolen by one of its employees.
The bank works with a number of businesses based in Belgium, offering investment, asset management and other services, including employee stock option plans.
The Dec. 9 breach came to light publicly on Thursday, after Belgian news outlet Le Soir reported that private broadcaster RTL Belgium's owner, Luxembourg-based RTL, had received a breach notification.
"We are writing this message to inform you that a third party has gained unauthorized access to the information system of a subcontractor of RTL Belgium SA and that it has illegally recovered some of your information from said subcontractor," according to the email received by RTL, Le Soir reported.
Degroof Petercam couldn't be immediately reached for comment.
The breach notification said sensitive client files tied to stock option plans had been downloaded to an IP address external to the bank's networks.
The bank says it has informed hundreds of its client organizations that their employees' stock option plan details were exposed in the breach. The exposed data includes an employee's mailing address, email address, user ID, bank account numbers, passport and ID card numbers, and financial data.
The bank says the data exposure leaves these individuals at elevated risk of fraud and urges all affected customers' employees to regularly review their credit card and bank account statements, watching for signs of unusual activity.
Company officials say they have confirmed no motive for the alleged data theft, but a spokesperson told The Brussels Times that the "potential malicious behavior" traces to "a former employee" who accessed data that he would have been able to access "in the normal course of his work."
The spokesperson added that only Stock Option Plan accounts were affected by the breach, and said, "We assume he did this with a view to approaching clients in connection with a possible launch of a competing SOP office."
The bank reportedly plans to take legal action against the employee.
Because the breach exposed Europeans' personal information, the company says it has reported the incident to the Belgian Data Protection Authority, which enforces the EU's General Data Protection Regulation in the country.