Post · bonfire.cafe

Post

Are there people who, just like in the aftermath of a major tragedy, catch themselves thinking:

“Please don’t let it be a Muslim…”, not only because of the horror itself, but because of backlash that will be unleashed on an entire community?

And who now think something similar about a #hack:

“Please don’t let it turn out to be a poorly configured open-source system…”

Just to avoid months of dealing with a lazy, broken narrative?

Asking for a friend…

#odido

https://nltimes.nl/2026/02/12/odido-cyber-attack-hackers-gained-access-62-million-peoples-data

NL Times

Odido cyber attack: Hackers gained access to 6.2 million people's data

Hackers have managed to break into Odido’s systems and gained access to a file containing customer data for potentially 6.2 million people, a spokesperson for the telecom provider confirmed to NOS.

h3artbl33d :openbsd: :antifa:

@h3artbl33d@exquisite.social replied · 4 hours ago

@wlaatje

Isn't it more likely that they end up blaming an external party that did the "customer service" for them?

Wladimir Mufty

@wlaatje@social.edu.nl replied · 4 hours ago

@h3artbl33d yep, we saw that before…

When something is truly important, such as deciding where and how someone’s personal data is stored… it is a choice to handle it yourself or not. Outsourcing may be efficient, but it also means giving up control. Some responsibilities may simply be too important to delegate.

Why do they keep the pasport document number? Why not a value: Passport-verified ✅ and delete the actual value?

Why keep it? A failure of data minimization.

https://www.turing.law/hack-at-laboratory-who-is-the-data-controller/

Turing Law

Hack at Laboratory – Who is the Data Controller? • Turing Law

A hack at a Clinical Diagnostics laboratory in Rijswijk between July 3 and 6 this year was major news this summer. The personal data of hundreds of thousands of patients were stolen. Potentially affected are 850,000 women whose data were accessible and processed by this laboratory.[1] The Stichting Bevolkingsonderzoek Nederland (‘SBO’) was substantively informed about ...

h3artbl33d :openbsd: :antifa:

@h3artbl33d@exquisite.social replied · 4 hours ago

@wlaatje

Amen to that. They shouldn't keep identification documents on file. Same with the date of birth. Striclt seen, they don't need much more than a verified name, perhaps address and bank account number when working with SEPA incasso.

Nuke the rest of the data.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.2-alpha.27 no JS en

Automatic federation enabled