State bond: major breach on the subscription site of the Debt Agency

The Debt Agency registration pageon which it is possible to subscribe to the new one-year State bond since Thursday, was affected by a data breach.

By using the fields where you can enter your name, date of birth and postal code, it was also possible to consult the details of any other Belgian. Address details then appeared and, in some cases, the name of the legal cohabitant.

The VRT was informed of the leak by an ethical hacker and took the test using the name and date of birth of virologist Marc Van Ranst and Minister of Justice Vincent Van Quickenborne (Open Vld).

Jean Deboutte, director of the Federal Debt Agency, said he took the matter “very seriously”. A few hours later, the leak had been sealed. “Privacy-sensitive fields are now automatically hidden. We will also investigate people who have done systematic research“, said Jean Deboutte.

The government bond application tool is 12 years old and was developed following the success of Leterme bonds in 2011. In recent years, the system has been little used because interest in government bonds has not been high.

“It’s only this year that the number of users has increased significantly and this latest government voucher is a great success. The volumes passing through our site are now very large. Therefore, these types of problems are appearing now. Anyway, we are going to review the entire website, including in terms of security“said the director of the Debt Agency.