The Dutch Minister of Economic Affairs, Henk Kamp, advocates to increase the protection of data in the two main contract registers of the energy sector. Kamp wants the energy sector to become more aware of the risks involved in the security of data.
Earlier this year data from over 2 million Dutch households were stolen. In a letter to The House of Representatives (Tweede kamer) Kamp writes that the energy sector should take responsibility for these kind of incidents. “I expect the sector to offer security solutions within a short amount of time so that we can prevent these kind of incidents in the future.” The data was stolen by an employee from one of the energy suppliers, it is not clear which one, and came from the so called CER register, a register where data is stored from citizens who terminated their contracts, and the C-AR register, the register with new contract data between households and energy suppliers. The registers contains addresses but no phone numbers, email addresses and passwords.
According to Kamp, the Authority Consumer and Market (Autoriteit Consument & Markt - ACM) has been investigating the security levels of these registers since the start of this year. ACM gave out warning signals in May of this year concerning the security levels of energy operators and suppliers. The theft of the data took place in August of this year, it is unclear why, after the warning from ACM, it was possible to steal the data.
Netbeheer Nederland and Energie-Nederland, the branch organisations that manage the data bases, now deny energy suppliers to access to the register.They have not yet expressed any thoughts within which time frame and in what way they will update their data security. In the meantime proposals to improve the security of the registers have been submitted to the supervisory authority, they will have to decide how these issues will have handled.
For more information read here (in Dutch)