In its statement, Cerba explains that a database containing patients' information was "momentarily exposed" on the internet and that investigations have revealed that unauthorised persons have indeed accessed this database.
A number of analyses sent to Cerba by Ketterthill between January 2017 and June 2021 might be affected. The potentially compromised data includes personal information (surname, first name, birth date, and gender), the nature of the examination as well as the test results. However, Cerba stresses that the database did not contain any information relating to "social security numbers (…), bank details or postal, electronic or telephone contact details".
A complaint has been filed with the French authorities, while Ketterthill has also informed the National Data Protection Commission (CNPD) in Luxembourg.
