Data leak allows anyone to download fake CoronaCheck certificate
A large data leak at a coronavirus testing company meant that people across the Netherlands could access and download fake test certificates on the CoronaCheck app. The private data of over 60,000 people has also been leaked.
Data leak at Dutch coronavirus testing company
According to research conducted by RTL Nieuws, Testcoronanu, a testing company that has 13 centres across the Netherlands and Belgium, suffered a serious technical failure over the weekend.
The data leak allowed any member of the public to access Testcoronanu’s database and add their own (fake) negative test result. By entering two lines of “childishly easy” code, anyone could download a fake test certificate in the CoronaCheck app, which would grant them access to events or festivals or allow them to travel internationally.
In addition, the private data of over 60,000 people who had been tested by Testcoronanu, including home addresses, full names, email addresses, telephone numbers, and social security numbers (BSN), was also leaked and freely accessible to the public.
Incident raises issue of reliability of CoronaCheck
Testcoronanu was contracted by the Dutch government to carry out tests on behalf of the testenvoorjereis campaign (“test before your trip”). This means the company was subsidised by taxpayers.
Following RTL Nieuws’ investigation, the Ministry of Health shut down the company’s website in order to ensure that no more fake certificates could be downloaded. All Testcoronanu locations have been closed due to “unforeseen circumstances.”
The leak has left many questioning the reliability of the government’s CoronaCheck app, with Dave Maasland, director of cybersecurity company ESET Netherlands, saying the breach means “you start to wonder who else has abused [the system] in this way.”