Authorities in the Netherlands have defended the country”s digital COVID-19 testing system after a “serious” security flaw was unveiled.
An investigation by RTL Nieuws found a major leak on the website of Testcoronanu, a Dutch company linked on the government website.
The probe found that any online user could access Testcoronanu’s records and create fake negative test certificates in the Dutch CoronaCheck app.
Users could edit two lines of coding to automatically create a valid negative COVID-19 certificate, it said.
RTL Nieuws also found that the leak resulted in the personal information of more than 60,000 citizens — who had taken a coronavirus test with the company — being compromised.
The Dutch Ministry of Public Health, Welfare, and Sport closed down the Testcoronanu website on Sunday and have urged citizens to rebook a test with a different company.
But despite the investigation, the authorities have stood by the system and say the country’s plans for a Digital Green Certificate have not been affected.
“A serious information security flaw was present,” said a joint statement from the Dutch Ministers of Health and Infrastructure.
“The vulnerability found at Testcoronanu BV is so serious that the connection was suspended immediately,” it added, saying the leak had also been reported to the Dutch Data Protection Authority.
“We have not received any signals that anyone other than the RTL journalist has gained access to the database.”
Authorities added that Testcoronanu had met the country’s “strict” requirements for connecting to the country’s COVID-19 app and said they were investigating the company’s security further.
Testcoronanu has ten locations in the Netherlands and has been carrying out over 3,000 COVID-19 tests each day.
“We would like to emphasise that the serious vulnerability found only affects one of the test providers connected to CoronaCheck and that measures have been taken immediately,” the statement added.
“The safety and reliability of the CoronaCheck app were not compromised.”
The European Union has previously been warned about the security of digital COVID-19 certificates, to protect them from cybercriminals.