Did the Belgian Railways (NMBS/SNCB) leak your data?

First of all, a happy New Year and best wishes for 2013 to all of you.

Although, ‘happy’ … ‘a more secure New Year’ would be a better wish.
In that sense, 2012 ended with some bad news.
Last week (22/12/2012) a data leak on the NMBS/SNCB data website was uncovered.
ossibly 1.5 M customers of the NMBS/SNCB have been exposed on the internet for weeks.

As 1,5M records have been exposed (with 10M Belgian citizens), the chances are high that YOU are impacted.

Meanwhile on Twitter, it has become known as NMBSGate or SNCBGate.
Check Twitter for it:
–        https://twitter.com/search?q=%23NMBSgate&src=hash
–        https://twitter.com/search?q=%23SNCBgate&src=hash

Please check following articles.

Belgian rail firm SNCB Europe sees 1.5m customer details leaked, but fails to take responsibility
http://thenextweb.com/insider/2012/12/24/belgian-rail-firm-sncb-europe-sees-1-5m-customer-details-leaked-but-fails-to-take-responsibility/

An analysis of the leaked personal data of 1.5 million @SNCBEurope customers
http://storify.com/xdamman/sncbgate-nmbsgate

(FR) Post-mortem: LA SNCB met en ligne les coordonnées de 1.400.000 clients
http://patrick.vande-walle.eu/belgium/post-mortem-la-sncb-met-en-ligne-les-coordonnees-de-1-400-000-clients/

(FR) La SNCB divulgue les coordonnées privées de ses clients sur internet
http://www.lesoir.be/143379/article/actualite/belgique/2012-12-24/sncb-divulgue-coordonn%C3%A9es-priv%C3%A9es-ses-clients-sur-internet

(NL) Controleer of uw gegevens ook gelekt werden door de NMBS
http://www.standaard.be/artikel/detail.aspx?artikelid=DMF20130101_017

And also check: http://sncb.fredericjacobs.com/
(If the site hasn’t been taken offline meanwhile or overloaded due to response…)

Some of us have a very common name in Belgium and have a name-look-alike or duplicate that used the SNCB/NMBS services….

What does it mean?
Your personal data like mail address, phone numbers, and login are compromised, which means you can get more spam, fishing, vishing, false or fake registrations and if your mail address can be linked with another leaked website that lost ID/password info, you could be in trouble.

You’ve been exposed ?
The best you can do is to file a complaint to the Privacy Commision.

You can file it in French or Dutch.

Change your password right now and change it frequently.
Change your credentials, logon, passwords, e-mail address.

Don’t use the same logon, mail address and password for different websites.

Only put personal information if really, strictly necessary.

In some cases you should even consider using dummy data.

More sources:
– Belsec: http://belsec.skynetblogs.be/archive/2013/01/01/check-if-you-have-lost-some-information-in-the-sncb-nmbs-dat.html
– Belsec: http://belsec.skynetblogs.be/archive/2012/12/31/nmbs-sncb-1-5-million-dataleak-not-the-first-time.html
– Storify: http://storify.com/xdamman/sncbgate-nmbsgate
– Standaard.be: http://www.standaard.be/artikel/detail.aspx?artikelid=DMF20130101_017
– SNCB Leak check: http://sncb.fredericjacobs.com/

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s