Cyber security at some 50 car lease companies operating in the Netherlands was so bad that private details about at least 180,000 company car drivers was easily accessed by an IT firm, the AD said on Monday.

The leak was discovered by Sliedrecht-based company ESET which was looking for a new company car supplier for staff. ‘It was childishly simple to access all sorts of privacy-sensitive information, such as where you live, the type of car and how much you had driven,’ spokesman Dave Maasland told the paper.

The 52 lease companies that ESET could access all used the same server. In total, the company was able to find out key information about 180,000 to 250,000 company car drivers, Maasland said.

A special anti-car theft unit set up by car insurers told the paper it is shocked by the ‘dismal security’. ‘We know Eastern European gangs have address lists where certain types of car can be found,’ VbV director Wouter Verkerk told the paper. ‘Such leaks of data allow crooks to shop around very easily.’

Nevertheless, the AD said, it is unclear if thieves have made use of security leaks, which have been fixed since they were found last week.