Media finds out poor data security practices at KPN Bank
KPN does not have security in order, according to a study by Trouw after a technician had forgotten his laptop at a customer and never picked it up again. The laptop gave access to sensitive documents from the Dutch telecom company with a few mouse clicks. The information includes business customers, the government, the US military and NATO.
The KPN Security business unit warns that a quarter of companies sometimes lose a device. Precautions are therefore of great importance. But looking at the laptop is also not always good at KPN. For example, the home screen had no password: logging in was not necessary. Furthermore, all kinds of company websites were stored in the internet browser, including username and password.
To test the security, Trouw opened the TeamKPN intranet. A secure connection or entering an extra code (two-step verification) was not necessary. This lack of extra security is risky, because the documents are available for collection on TeamKPN. Such as organization charts with references to the AIVD, Defense and the Royal Family. These are marked as confidential.