Data breach at our pension provider
Philips Pensioenfonds recently had to deal with a data breach. Unauthorized persons briefly had access to the mailbox of an employee of our pension provider Blue Sky Group. The employee in question works in a department that does not have personal e-mail contact with participants. Nevertheless, there is some leaked participant data. This data is personal and not intended for the outside world. Participants must be able to trust that their (personal) data is in good hands with us. We are very sorry that this leak has occurred. External specialists are investigating the extent of the data breach. In this report we explain the steps Philips Pensioenfonds has taken in response to the data breach.
Digital security is of great importance to Philips Pensioenfonds. We therefore take this data breach very seriously. Measures were immediately taken to prevent a recurrence. There has also been enhanced supervision of all activities relating to our pension administration, and the supervisory authorities and suppliers involved have been informed.
It is clear that the mailbox to which unauthorized persons had access contained files with data from a group of approximately 500 participants who receive a pension from us (almost all of them live abroad). In addition, the mailbox contained data from approximately 10 former participants who made an outgoing value transfer. This concerns both pension recipients living in the Netherlands and pension recipients living abroad. The data in the files included, for example, name and address details, policy number, bank account number and pension amount.
The participants concerned will receive a personal message from us. Further investigation into the data breach, which is almost completed, has revealed that the mailbox contained data of approximately 100 more participants who receive pensions. They are being informed about this.
Tips for your own digital security
What can you do yourself to increase your online security? Some general tips:
- When you receive e-mail: always pay close attention to the sender, the e-mail address and spelling mistakes;
- Philips Pensioenfonds never sends you personal information by e-mail. We also never ask for the login details of MijnPPF. We only refer directly to your personal online environment MijnPPF. There you can log in securely with DigiD or with another login method if you do not have a DigiD;
- When visiting our website or MijnPPF, always check whether a lock is visible in the address bar of your browser and the address starts with 'https';
- If in doubt, contact our Service Desk by phone to verify whether an email is authentic;
- Report phishing and any other fraudulent contacts to our Service Desk so that we can take further action.
This article was updated on 11, 13, 18 August and 10 September.