A data breach at the Dutch land registry Kadaster has exposed the addresses of every homeowner in the Netherlands, an investigation by RTL Nieuws has found.
The privacy watchdog AP called for the agency to close the loophole immediately after it was discovered by journalists.
The Kadaster’s website includes a search facility that allows anyone to find the owner of a registered property.
Owners of professional accounts can also use the website to search by name and find individual addresses, for a payment. The service is primarily meant to be used by real estate professionals, such as estate agents and notaries.
This facility is supposed to be limited to companies registered with the Chamber of Commerce (KvK), but RTL was able to obtain an account using another company’s details because applications are not vetted. The bill for the searches is then sent to the company’s business address.
RTL also published screenshots from Telegram chats in which people offered to search the land registry’s database for a home address for a fee of around €50.
Privacy experts say the security breach is open to abuse by criminals, stalkers, blackmailers and hackers, as well as people who sell personal details illegally.
“It’s typical of the government that they don’t have a clue how dangerous this information can be,” cybersecurity expert Dave Maasland told RTL. “They’re operating a Yellow Pages for criminals.
“It’s incredibly naïve to think that this facility won’t be abused.”
Aleid Wolfsen, chair of the privacy regulator AP, said: “This security breach is a huge risk to journalists, activists and politicians who are being threatened. But also anyone who’s dealing with an angry, stalking ex-partner.
“Anyone can turn up on their doorstep and threaten them or worse. We have asked the Kadaster to take immediate steps to close this loophole.”
The land registry said it had “significantly strengthened” its security systems since the breach was exposed. “The Kadaster takes these reports of potential abuse of access to personal details extremely seriously,” the organisation added.
The land registry is not the only government agency to be criticised for making it too easy for people with malicious intentions to target home addresses.
Derk Wiersum, a lawyer defending a key witness in the trial of alleged drugs baron Ridouan Taghi, was shot dead on his doorstep by a gunman who searched the Chamber of Commerce’s database for his details. Wiersum was registered at his home address as an independent legal professional.