The Dutch Authority for Digital Infrastructure (RDI) has fined telecommunications provider Odido €1.5 million after identifying serious shortcomings in the security of its wiretapping system. The investigation revealed that poor access controls allowed external suppliers to reach sensitive surveillance infrastructure, potentially exposing state secrets and criminal intelligence data.
External Suppliers Had Access to Sensitive Surveillance Data
Investigators determined that Odido’s digital security framework failed to adequately restrict access to its wiretapping system. As a result, third-party suppliers were able to connect to the environment, creating a significant risk of unauthorized exposure of classified data.
The RDI emphasized that wiretapping systems hold highly confidential information, including intercepted communications, such as phone calls, text messages, and emails, obtained under judicial or intelligence authority. Unauthorized access to such systems could compromise investigations and national security operations.
“Because the stored data includes state secrets and criminal information, the security of these systems must meet the strictest legal standards,” the RDI noted following its decision.
Odido Implements Fixes After Regulatory Action
Odido has since reinforced its wiretapping system, addressing the identified vulnerabilities and closing access loopholes. The RDI confirmed that the telecom provider has now eliminated the risk of unauthorized access to the surveillance infrastructure.
Wiretapping systems in the Netherlands are governed by stringent laws that require telecom providers to maintain robust technical and procedural safeguards. These systems can only be accessed under the order of the Public Prosecution Service or the national intelligence and security service.
The RDI’s latest action follows a similar case last year when Vodafone was fined €2.25 million for failing to secure its wiretapping platform in compliance with Dutch legal standards.
