On May 4, UWV made an alarming discovery when it was found that a single account had gained disproportionate access to CVs on werk.nl, with strong indications of downloading these CVs. The affected CVs belong to both job seekers receiving benefits and those without, utilizing werk.nl to secure employment opportunities. Some CVs also contain sensitive personal information of the job seekers. UWV has promptly notified the Dutch Data Protection Authority about this concerning incident. The account responsible for the unauthorized access has been immediately blocked, and an investigation is underway, as it is suspected to involve improper use of the CVs.
Judith Duveen, Director of Werkbedrijf at UWV, expressed deep concern over the incident, emphasizing that werk.nl is designed to facilitate connections between job seekers and employers, and such unauthorized access is highly inappropriate. Urgent measures have been taken to address the situation, and efforts are underway to inform affected individuals about the implications of this unauthorized access and possible download for suspected improper use.
Affected individuals whose CVs have been accessed and potentially downloaded will receive notifications from UWV detailing the extent of the information accessed. UWV will also provide guidance on minimizing the impact of this breach.
Downloading CVs from werk.nl is a legitimate part of the services provided, allowing employers to identify potential candidates for their vacancies. However, the disproportionate access and potential download of CVs by a single entity violate the terms of use of werk.nl. UWV considers this a serious breach and is implementing additional measures to prevent such unauthorized access and downloading of CVs in the future.
This incident echoes a similar breach in 2019, where 117,000 CVs were unlawfully downloaded for improper purposes. Subsequent measures, including the installation of monitoring software and the implementation of secure login methods for employers, have been instrumental in quickly identifying and addressing such breaches.