08 October 2019
On Tuesday, 1 October, we received an unpleasant surprise when police informed us that the personal details of Strukton Rail employees in the Netherlands and Eurailscout employees in the Netherlands had been stolen.
Our Compliance Officer immediately proceeded to the police station to obtain more information and to file a report concerning the theft and misappropriation of company data. An internal investigation was immediately launched on the basis of the information provided by the police.
On Thursday, 3 October, the investigation showed that a temporary employee who is no longer working at Strukton photographed the data of probably all Strukton Rail and Eurailscout former and existing employees in the Netherlands. This employee had access to this data pursuant to his function. Exactly what was stolen: names, dates of birth, initials, address details, date hired, date of departure (if applicable) and bank account numbers. At the present time everything indicates that this was a one-off and individual action. On Thursday, 3 October, we reported the incident to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
We truly regret this incident and are doing everything in our power to avoid its reoccurrence. The reality is that theft can never be entirely excluded.
This incident shows that the abuse of confidential information is always lurking around the corner. We are doing everything we can to prevent data leaks. Further to this incident we will be evaluating all our working arrangements and processes, and where possible implement improvements.