There's no details at all at this time, but the Dutch National Police (Politie) are claiming that the breach was extremely limited and hasn't affected any citizen data. It's unclear if any employee data was impacted.
That article is a nightmare to read. Each paragraph worse than the last. “The data was also stored unencrypted, meaning anyone with a link to the data was able to view it in full.” Who is responsible for the security checks of fin-tech companies? Should app stores run stricter checks or the government or both?
Anyone that trusts a third-party they aren’t required to use with their health data is asking for it. Lucky the damage was seemingly minimal.