Probe after 117,000 job seekers’ CVs are skimmed from UWV website

DutchNews, May 6, 2019

An investigation has been ordered after 100,000 CVs have been illegally downloaded from the website of the employees’ insurance agency UWV. 

Social affairs minister Wouter Koolmees said the 117,000 resumes had been accessed over a period of two weeks from the website werk.nl using the account of a UWV staff member. The employee in question claimed to have been unaware of the activity. 

The national cybersecurity centre NCSC and the privacy watchdog Autoriteit Persoonsgevevens have been informed and the incident has been reported to the police. All those involved have been contacted by the UWV to warn them to watch out for phishing scams and other online fraud. 

IT experts said the episode highlighted weak security at the UWV, which uses the werk.nl website to share the CVs of jobseekers with employers. Jobseekers have the option of uploading ‘open’ CVs, which are freely available, or ‘closed’, meaning they are available on request.

‘Every company that has an account with werk.nl can see job seekers’ details,’ René Veldwijk told Trouw. ‘All that’s happened now is that somebody spent two weeks trawling al those details with a computer programme. It could be criminals, but it could also be a company that wants to use the data to connect job seekers with employees.’ 

He added: ‘The fact that it took two weeks for the UWV to notice that so many CVs were being downloaded shows they’re not looking out for it properly. It was all done through one account. If the perpetrators had been a bit more professional in their approach and used several accounts, the UWV probably still wouldn’t have noticed anything.’