Dutch authorities have defended the country’s digital testing system for COVID-19 after a “serious” security breach was discovered.
IN RTL Nieuws investigation discovered a major leak on the website of Testcoronanu, a Dutch company linked to on the government’s website.
The probe found that any online user can access Testcoronanu records and generate fake negative testing certificates in the Dutch CoronaCheck app.
It says users can edit two lines of code to automatically generate a valid COVID-19 negative certificate.
RTL Nieuws also found that the leak had compromised the personal information of more than 60,000 citizens who passed the coronavirus test with the company.
The Dutch Ministry of Health, Welfare and Sports closed the Testcoronanu website on Sunday and urged citizens to rebook the test with another company.
But despite the investigation, authorities backed the system and said the country’s plans to create a digital green certificate were not affected.
“There was a serious lack of information security,” the Dutch ministers of health and infrastructure said in a joint statement.
“The vulnerability found in Testcoronanu BV is so serious that the connection was immediately suspended,” it added, saying that the leak was also reported to the Dutch Data Protection Authority.
“We have not received any signals that anyone other than an RTL journalist has gained access to the database.”
Authorities added that Testcoronanu has met the country’s “strict” requirements to connect to the country’s COVID-19 app, and said they are continuing to investigate the company’s safety.
Testcoronanu has ten offices in the Netherlands and conducts over 3,000 COVID-19 tests daily.
“We would like to emphasize that the discovered serious vulnerability affects only one of the test providers connected to CoronaCheck and that action was taken immediately,” the statement said.
“The security and reliability of the CoronaCheck application has not been compromised.”
The European Union has previously been warned about the security of COVID-19 digital certificates to protect them from cybercriminals.