A long-standing Europol employee posted by the Dutch police took dossiers containing sensitive personal information home and copied them onto a hard drive. The information ended up in the hands of a TV station.
Dutch media have reported a huge data leak at Europol, the EU’s law enforcement agency based in The Hague. A staff member allegedly took classified information home and made digital copies of the data on a hard drive. This Lenovo storage device was connected to the Internet. More than 700 pages of confidential information ultimately landed in the hands of TV magazine Zembla who exposed the leak.
Extent of leak is unclear
According to Wil van Gemert, former Director of the Dutch National Intelligence Service AIVD and now Deputy Director of Europol, the possibility that parties other than the TV station have also had access to this information cannot be ruled out. However, Europol stressed that the leaked information does not jeopardise any current investigations. A security investigation has been launched to find out why the staff member, who was posted by the Dutch police to Europol and had been working there for 11 years, took the information home with her and copied it.
Zembla reported that the information contains hundreds of names and telephone numbers stored by Europol in the course of 54 terrorism investigations. The documents also include analyses of the Hofstad Group, an organisation regarded as a terrorist entity by the Dutch intelligence agencies until a court of appeal revoked this classification in 2009.
The leaked files also include information on the terrorist attacks in Madrid. The documents are therefore thought to include parts of the analysis work file Hydra in which Europol processes persons, objects and procedures related to “religiously-motivated terrorism”. Contact persons are also stored in this work file.
New data protection system
Some of the persons included in the leaked data are probably still under surveillance. Hydra currently contains 686,000 datasets, including 67,760 entries on individuals. To tackle the phenomenon of so-called foreign fighters, Europol set up Travellers, another analysis work file containing 33,911 “person-related data entries”. The higher-level Europol information system contains records on another 5,877 foreign terrorist fighters.
A Europol spokesperson underlined that the agency has a “very robust system” to protect classified information. A new data protection system is in place to safeguard the processing of information up to the classification “Confidential”, with all information being exchanged over the protected SIENA network. As the system failed to prevent this data leak, the security protocols are now to be reviewed. According to the BBC, Europol’s current director, Rob Wainwright, a former analyst from the British Security Service MI5, will take part in a seminar in London dedicated to data protection and online privacy.