2023-08-25 16:58:50
The Debt Agency’s State bond subscription site made it possible to find the addresses of all Belgians, reports the VRT. The flaw has since been corrected.
The Debt Agency registration pageon which it is possible to subscribe to the new one-year State bond since Thursday, was affected by a data breach.
By using the fields where you can enter your name, date of birth and postal code, it was also possible to consult the details of any other Belgian. Address details then appeared and, in some cases, the name of the legal cohabitant.
The bug fixed
The VRT was informed of the leak by an ethical hacker and took the test using the name and date of birth of virologist Marc Van Ranst and Minister of Justice Vincent Van Quickenborne (Open Vld).
Jean Deboutte, director of the Federal Debt Agency, said he took the matter “very seriously”. A few hours later, the leak had been sealed. “Privacy-sensitive fields are now automatically hidden. We will also investigate people who have done systematic research“, said Jean Deboutte.
A lack of security
The government bond application tool is 12 years old and was developed after the success of Leterme bonds in 2011. In recent years, the system has been little used because interest in government bonds has not been high.
“It’s only this year that the number of users has increased significantly and this latest government voucher is a great success. The volumes passing through our site are now very large. Therefore, these types of problems are appearing now. Anyway, we are going to review the entire website, including in terms of security“said the director of the Debt Agency.
1692987384
#State #bond #major #breach #subscription #site #Debt #Agency