View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 14, 2012

Dutch telecoms firm KPN apologises after hack

Company says its security systems were not up to scratch and apologises after disabling 2 million email accounts

By Vinod

Dutch telecoms firm KPN has become the latest big name to fall victim to hackers after it confirmed a breach and apologised to affected customers.

However there is confusion about whether data posted online, claimed by the hackers to be personal information of more than 500 KPN customers, was in fact taken from the telecoms company.

Following the January hack, personal details of 537 people were posted online. It was claimed by the hackers that the people were KPN customers. According to reports, however, the details were actually from customers of online baby products retailer Baby-Dump.

That company has confirmed that it has suffered a breach and has suggested that all customers should change their password.

Although the data was not from KPN the telecoms company has confirmed that its systems were breached, and issued a strongly-worded mea culpa. The company was forced to disable email access for two million customers for two days while it investigated the breach. It also admitted that its security systems were not up to scratch.

It ran a series of adverts in the Dutch media. "For you and two million other KPN clients it was very difficult and unwelcome. For this we would like to apologise," the adverts read. "We would like to apologise two million times."

According to Reuters, KPN’s Dutch boss Joost Farwerck added: "We will shortly implement a number of changes in the management of our IT organisation to increase quality and effectiveness. The last few weeks have unmistakably shown the necessity for this."

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

These steps include improving server security, protecting data and the process by which it notifies authorities of any breaches. Opta, the Dutch telecommunications regulator, has confirmed it is investigating the incident.

Garry Sidaway, Global Security Strategy, Integralis, said this is another example of how many companies are failing to keep their primary systems secure.

"This is another indicator that whilst the headlines say ‘cyber-attack’ hinting at organised criminal, and sometimes government, activity – the reality is that organisations are still struggling to cope with the "day" job of keeping systems secure, up-to-date and ensuring that key resources aren’t stretched to the limit," he said.

"Take a look at last year’s attacks – the pattern isn’t necessarily complex and sophisticated. The exploitation of vulnerabilities are often months old or well documented," he added. "Organisations have a huge task to keep their systems secure and make every effort to balance the risks. This is where expertise and resources have to be focused – expertise that can identify the risks and allocate the correct resources to secure the critical systems."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.