Two recent incidents involving inadvertent personal data exposure

In our new report on recent information security incidents, we examine two cases of inadvertent disclosure of personal data.


The first incident involved a former American Express employee in India who accessed the personal information of other employees after receiving access to a third-party payroll company.

The incident came to light when a message, received from an anonymous source was shared via The Aussie Corporate Instagram account. This message included a video that revealed the nuances of the incident and its scale.

According to the message, the leak included personal information of Asia Pacific employees such as:

  • Names
  • Addresses
  • Bank account details
  • Payment histories
  • Tax file numbers.

American Express representatives admitted that the incident occurred, but has not yet disclosed the number of employees affected or the exact nature of the leaked data.

The addresses of millions of people in the Netherlands have been leaked from the national land registry Kadaster as a result of the second data leak.

RTL Nieuws reported that anyone could gain access to the service's protected systems, which contained the names and home addresses of almost everyone who owned a home in the Netherlands. It was possible to obtain confidential personal data through the Kadaster, using business accounts with fabricated information.
Currently, it is not known whether the vulnerability has been exploited.

We regularly report on inadvertent data leaks, you can also read about the Public Appointments Service incident and the US Patent and Trademark Office (USPTO) data leak.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.