The Public Prosecution Service (OM) demanded two months in prison on Thursday against a 29-year-old man from Tiel. He is suspected of breaking into the website of a general practice in The Hague and subsequently asking thousands of euros to plug a data breach.

The director of the Haagse Huisartsenpost was called in August 2017 with the announcement that there was a leak in the website of the Hospitals station. This would make it possible to access the e-mail addresses, usernames, passwords and bank account numbers of the doctors who work at the GP service.

Shortly afterwards, the director received a quote offering to remedy the leak for a fee of between EUR 16,500 and EUR 23,000.

According to the Public Prosecution Service, the offer was accompanied by a "threatening announcement" in which it was said that the out-of-hours GP service would probably have to pay a fine if the leak were made public. In addition, "significant reputation damage" would occur.

The director goes to the police, who came to the Tielenaar after an investigation. The police found the leaked information on the man's laptop and the IP address used during the hack could be linked to his laptop. Screenshots of the hacking method used have been found on the man's phone and the GP practice appears to have been called from his girlfriend's phone.

White hat hacker

According to the Public Prosecution Service, the man sees himself as a white hat hacker - someone who hacks for social reasons - but the Public Prosecution sees this differently.

White hat hacking is not a criminal offense, but can only take place under strict conditions, the Public Prosecution Service states. That was not the case here. For example, without prior consultation with the GP service, the Tielenaar had exposed the leak, downloaded sensitive information and then asked for money to fix it again.

The verdict is in two weeks.