Pension fund PME has been hit by a data leak at a software supplier of a market research firm that conducted a risk appetite survey for the Dutch metals and technology industry scheme.
According to a PME spokesperson, the data leaked included family names, age and gender of 95,000 participants, as well as phone numbers of thousands of them.
Income data of active members concerned were also leaked, but email addresses were not because the survey in question was conducted by phone.
The data breach is the largest one ever recorded in the Dutch pension sector. In 2021, data of 50,000 pension participants were exposed due to a data leak at pension administrator Blue Sky Group.
PME declined to name the research firm involved in the data leak. It did say, however, that it happened at a software supplier of the market research firm in question, called Nebu.
The 95,000 victims of the data breach had initially failed to respond to an invitation to participate in a 2022 risk appetite survey. The data of the 26,546 participants who had participated immediately were not leaked.
In total, PME has over than 600,000 participants. This figure includes inactive members.
Eric Uijen, chair of PME’s executive board, was shocked by the data leak. He said in a statement on PME’s website: “This is an extremely unpleasant situation for those affected. I am aware that this brings a sense of unease. Therefore, I want to emphasise that PME is working hard to understand exactly what happened and how we can prevent this from happening in the future.”
PME, which has already notified affected participants about the data breach provided it has their email addresses (other participants will receive a letter next week), warned about phishing messages or “suspicious phone calls”.
In the aftermath of the data breach at Blue Sky Group in 2021, at least 1,000 participants experienced “questionable phone calls,” a subsequent investigation by the pension administrator revealed later.
This article appeared originally in Pensioen Pro, IPE’s Dutch sister publication.
No comments yet