A data leak at Belgian merchant bank Degroof Petercam has compromised the data of hundreds of the bank’s clients, including major Belgium companies and corporations, Le Soir reports.
An employee of the bank is reported to have abused his access to customer information and illegally downloaded client files. Le Soir learned of the leak after its sister media channel, RTL, was informed by the bank that its data had been compromised on 9 December. These leaks have since been confirmed by Degroof Petercam.
“We are writing this message to inform you that a third party has gained unauthorised access to the information system of a subcontractor of RTL Belgium SA (Editor’s note: Degroof Petercam) and that it has illegally recovered some of your information from said subcontractor,” RTL received in an email.
RTL says that it has been informed of the leak of its information, as well as the information of many more clients of Degroof Petercam. An IT investigation is underway at the merchant bank “following suspicions of an attack on its economic interest and the confidentiality of the data of its customers.” An employee is suspected of downloading company data to an IP address outside of the banks’ systems.
According to a spokesperson for the bank, only professional Stock Options Plan (SOP) accounts are affected by the leak, a niche activity within their “global markets business.” Nevertheless, hundreds of Belgian companies of “various and varied sizes” are rumoured to have been affected by this leak
“This incident is in no way linked to any IT security failure, but the result of potential malicious behaviour by a former employee who entered customer data to which he had access in the normal course of his work. We assume he did this with a view to approaching clients in connection with a possible launch of a competing SOP office,” said a company spokesperson.
- Hacker breaks into Zwijndrecht police server
- Half of Belgian companies fall victim to ‘successful’ cyberattacks
Degroof Petercam is considering “the possibility of initiating legal proceedings against the employee in question.” The legal ramifications of a leak of this size can be significant. Private data is covered by the European Union’s GDPR laws and bank data is protected and privileged. The Belgian Data Protection Authority (APD) has been notified of the leak.
Some of the leaked information includes the data such as addresses, emails, telephone numbers, user IDs, bank account numbers, passport and ID card numbers, and financial data. The bank has invited customers affected by the leak to “regularly check their credit and bank account statements to detect any suspicious activity.”
This is not the first time that Degroof Petercam has come into the spotlight. In 2019, the National Bank of Belgium (NBB) carried out a scathing audit of the bank’s anti-money laundering procedures for both its private and business banking services.