Client data of Dutch and Belgian online shoppers put up for sale on the internet

The data of a suspected 10,000 Belgian and Dutch online shoppers are being auctioned on the internet by a hacker. This has been revealed by our colleagues of the VRT newsroom. An investigation has been started. 

The data are personal specifics and details about purchases made in a toy shop. The large majority of the products was purchased from a local Dutch entrepreneur via webshops like Bol.com. 

The whole file with thousands of customer data has been put up for sale on a specialised hackers' forum, and has been labelled as a "bol.com database". It reveals what people bought, what their name is, and sometimes also what the price was. You can see how it was delivered, and what the method of payment was: bancontact or a credit card. 

A leak was discovered at an external partner of bol.com, Toppie Speelgoed. "A hacker struck when we transferred data from one server to another", Mike Bruinsma of Toppie Speelgoed said. Bol.com, a popular online shopping site, said that the "impact for our customers is small because no passwords or accounts were leaked." People who purchased directly from Toppie Speelgoed, were more exposed than Bol.com clients.