Due to a data leak in the Dutch populist-nationalist party Forum for Democracy’s new social media app, the private data of its entire membership is now public. The leak comes one week after their ‘ForumApp’ was presented by FvD leader Thierry Baudet during a well-attended member’s convention.
The news was brought to light through an RTL News investigation on Thursday, November 1st. By all accounts, the extent of the leak is considerable. Home addresses, phone numbers, and bank account numbers, both of FvD’s 92,901 current members and former ones are now no longer private. In addition to having made those affected more susceptible to fraud, it has revealed their political affiliation—something they might have wanted to keep secret, as the FvD is a highly controversial party in the Netherlands that some seek to ban outright.
Apart from revealing personal data, the leak also reveals dates when members joined FvD and whether they have made financial contributions to the party. Research shows that more than 43,000 members have contributed since the beginning of this year.
Baudet’s own data was also compromised, along with that of fellow MPs Gideon van Meijeren, Pepijn van Houwelingen, and Freek Jansen. Former members such as Joost Eerdmans, Annabel Nanninga, Henk Otten, Wybren van Haga, and Eva Vlaardingerbroek are also affected.
Otten reacted to the news by saying it was “extraordinarily unpleasant,” and that fines, should the FvD be proven to be in breach of the privacy laws, could result from this. While he deems himself less affected through virtue of being a public person already, Van Haga termed it a “stupid mistake” and “annoying.”
Forum for Democracy managed to quickly fix the leak after RTL News made them aware of the fact, before the media outlet had moved to publish the news. It verified the leak as well as the leaked data after having received an anonymous tip. It is unknown who has (or had) access to the data.
An FvD spokesman told RTL that “we deeply regret that this leak could have occurred. The leak has now been plugged and measures have been taken to prevent repetition in the future.” All sensitive system components have been temporarily taken off the air “as a precaution,” he added. The party is considering taking on an outside agency to review its IT systems.
Since the ForumApp was connected to the back end of the Forum’s website (containing the accounts of all members), one could log into the app through a Forum account. However, at the back end, there was no system in place to check on who requested what data and whether they even had permission to do so. In short, anyone could request the website to reveal the identity of any account number. Through this process, one could retrieve and download the Forum’s entire membership database.
On its website, FvD speaks of having suffered a potential cyber attack. The party said it is commissioning a forensic investigation into a possible “hostile attack” on its IT systems. Depending on the result, it will then “decide whether or not to press charges.”
The ForumApp launched last weekend, and could only be downloaded if one had an FvD membership number. The app was said to be the beginning of a network “that brings together freedom-loving Dutch people under the name of the FvD” and would include “a huge business network of five hundred FvD entrepreneurs,” according to its website.
