Data that has been used for around 10,000 orders from the Dutch online toy store Toppie Speelgoed has been for sale online at a hackers' forum. A Bol.com spokesperson confirms this to NU.nl on Monday after reporting from the Belgian VRT .
It would be the data of customers in the Netherlands and Belgium, concerning ten thousand orders and therefore probably thousands of customers. Toppie Toys sold toys through Bol.com, among other things, which also made it possible to obtain information from a number of Bol.com customers.
The damage is less severe among Bol.com customers than consumers who bought their toys through Toppie's own site. Bol.com only shares name and delivery address with external sellers, while Toppie itself also records e-mail addresses and telephone numbers.
The hacker is said to have misused a moment when data was transferred from one server of the company to another. In an "intermediate phase" of this process, a mistake would have been made by the company, whereby the data came into the hands of third parties. "This is not about recent orders," Bol.com responds.
Toppie Speelgoed makes a declaration
VRT immediately contacted Bol.com after they found the file with the data, says a spokesperson for the web store. After research by Bol.com, the leak was found to be at Toppie Speelgoed.
"External parties are responsible for storing customer data", Bol.com responds. "We cannot check all storage systems of entrepreneurs."
Toppie Speelgoed makes a report to the police and is said to have reported to the Dutch Data Protection Authority (AP). According to Bol.com that was not necessary, but the company Toppie Speelgoed nevertheless advised to make a declaration as a precaution. "The damage is limited. No passwords or bank details have been leaked."
Bol.com is now investigating the reliability of Toppie Toys.