Roberto (52) lost a major customer due to an unsafe customer portal

Theme:
Security of personal data

A number of years ago, I took over my father's business. We help companies apply for subsidies. This is often a challenge for them, which they are happy to outsource in part. My father has built up the company, and over the years, 15 people have entered our employment. For many years, we have used a customer portal in which customers can track the progress themselves and maintain contact with us.

We did our job like we used to do it. After all, we never had any problems. We worked with an international system for which we paid a substantial sum every year. What could go wrong? That's what we found out when we landed a new, major customer. That company was quite technical and set requirements for security. As a random check, they wanted to take a look at our customer portal before uploading all kinds of confidential data and documents to it. Think annual income, plans, and information about their employees.

It turned out that our settings were completely incorrect. With a fairly simple action, a customer could access the data of another customer. It must be said that this required an understanding of the technology. But simply the fact that this had not been blocked completely is unacceptable, of course.

What followed was an intense discussion with the customer. It was confronting. I felt so embarrassed. In the end, the customer understood our situation. And that mistakes may happen. They were glad that we started working on it that same day. To put things right. But the harm had already been done, so we lost that customer.

We have certainly learnt our lesson. To name an example: we now also have a checklist that we use to check software before we start using it. And we keep a much closer eye on the protection of personal data. At first, we did a lot of things based on instinct, like we had always done it. Now we do everything by the book. And check that with each other.

Security and privacy do for the most part involve a human aspect. At the same time, that is the weak link. Even small things such as clicking on an incorrect setting or not doing your research when purchasing a tool can have major consequences.

It concerns the privacy of people. That is worth an extra check.

We have assumed too easily that it was all right. That has resulted in reputational damage for us. And remedying the mistake has cost us quite a lot of time, money, and worries. We could have prevented that. We have also been confronted with the facts: a huge data breach could have occurred. I don't want to think about that.

I want to share our story to ensure that this does not happen to others. Do not wait till things go wrong. Invest that time and energy to find out if you have your affairs in order. It concerns the privacy of people, as well as the reputation of your company. They are worth an extra check!

Did you know that...

* The privacy stories on this website are based on actual reports to the Autoriteit Persoonsgegevens. Due to the privacy of those involved, the personal data and some circumstances have been changed. We use models (stock photography) for the images in these stories.
