Municipality of Katwijk reports accidental exposure of resident reports on GitHub
The Municipality of Katwijk has disclosed a data incident where reports about public spaces, including some personal details, were temporarily accessible online. While no misuse has been detected, residents are urged to reach out with concerns as new safeguards are implemented.
| Key Fact | Details |
|---|---|
| Dataset | Fixi reports from 2025 |
| Platform | GitHub (publicly accessible temporarily) |
| Personal Data Exposed | Names, addresses, contact details, and health-related information |
| Location | Municipality of Katwijk, Zuid-Holland |
| Reported By | Information Security Service of the Association of Dutch Municipalities |
| Action Taken | File removed immediately; incident reported to Dutch Data Protection Authority |
| Contact for Residents | fg@katwijk.nl |
The Municipality of Katwijk is responsible for managing local public services, including the handling of resident reports about public spaces. As a government body, it must comply with data protection regulations and ensure the secure processing of personal information.
News & Coffee ☕
Openrijk runs on coffee, curiosity and your support.
Read the full translated article below
Help improve our website
Information about a temporarily publicly accessible dataset
We have established that a dataset containing reports about public spaces was temporarily publicly accessible via GitHub, an online platform for programmers. The file was immediately removed after we received a notification about this from the Information Security Service of the Association of Dutch Municipalities (VNG).
The dataset contained Fixi reports from 2025. The file did not include any fixed personal data fields. However, it has been found that personal data, such as names, addresses, or contact details, were mentioned in the free description field of some of the reports. In some cases, this involved health-related information. The file was uploaded to the programmers' platform for internal research and use. It should not have been publicly accessible. Although the file was technically accessible, the data was not directly readable and could only be accessed using specialist software. The incident does not relate to a vulnerability in the Fixi system itself. It concerns an internal error in the use of an external platform. There has been no evidence of hacking or a system breach.
No indications of misuse
Based on the investigation conducted, there are no indications that personal data has been actively accessed or misused. We have reported the incident to the Dutch Data Protection Authority (AP).
Ray Jie Sam Foek, municipal secretary of the Municipality of Katwijk, says: “We regret that this has happened and we believe it is important to be open about it. Although there are no indications of misuse, we take this incident seriously. We have taken measures to prevent recurrence and remain committed to the careful handling of personal data.”
What does this mean for residents?
For those affected, the risk of adverse consequences is considered low. We understand that it is unpleasant when personal data may have been visible. Residents with questions or concerns can contact the Data Protection Officer by email: fg@katwijk.nl
Measures
We have taken additional measures to prevent recurrence. Internal procedures regarding the use of datasets and external platforms have been tightened.