The ministry should have reported earlier vulnerabilities in the NL-Alert app | right Now

The ministry should have reported earlier vulnerabilities in the NL-Alert app |  right Now

A potential data breach found in NL-Alert last year should have been reported to the Netherlands Data Protection Authority (AP). This is what the outgoing Minister of Justice and Security Fred Graberhouse wrote in a letter to the House of Representatives.

NL-Alert was released in March last year as an addition to the NL-Alert National Alert System. This is used by the government to warn citizens of danger, for example in the event of disasters or severe crowds. The app allowed people to receive accident reports, view an overview of NL Alerts and search for information about emergency preparedness.

But at the end of April, Grapperhaus wrote that a potential data breach was found, as a result of which users’ location data and possibly other personal data ended up with an outside notification service without permission. Later, a second vulnerability is found, which could reveal the location of other users.

The ministry should have reported the vulnerabilities immediately

According to the Associated Press, the ministry should have reported “at the first sign of a potential violation.” Grapperhaus agrees: “The potential violation should have been reported to the AP without delay. I see this as an important learning point that has now been fixed in the modus operandi. When you have doubts whether or not the AP should be reported, the rule applies. Temporary notification is sent. “

The AP also noted that NL-Alert’s security was not in order. For example, a security vulnerability was identified and there was no revision of the latest version of the application to discover the deficiencies.

See also  The United States to stop investing in fossils abroad

After discovering security vulnerabilities last year, the app was pulled from app stores. However, Grapperhaus writes that the app appears to fulfill a great need. This is the reason for the development of a new application, but “it will only become publicly available upon a careful (external) review of privacy and information security requirements, among other things.”

Leave a Reply

Your email address will not be published.