More data leaks, ransomware attacks reported to data protection authority

Hacker with laptop
"Hacker And Laptop Waiting For Something" Image: Benoit Daoust; via Twitter/@CC_DO

Companies and institutions reported nearly 27 thousand data breaches to the Dutch Data Protection Authority last year, an increase of 29 percent compared to 2018. Most of the leaks came from companies in the financial sector. The number of data leaks due to cyber attacks also increased, especially in the case of ransomware, NOS reports.

"We are seeing a huge increase in data breaches," Monique Verdier of the Dutch Data Protection Authority said to the broadcaster. "Last year we also saw a quarter more reports of attacks such as ransomware." 

The number of reported ransomware attacks skyrocketed, from 58 in 2016 to 902 last year. The privacy watchdog noticed that ransomware attacks are increasingly aimed at large companies. They have much more private data than individuals, and cyber criminals can therefore get much more money out of them. 

The police advise victims of ransomware, and other cyber attacks, to always report it to them, even if they don't want to press charges. "We need all those pieces of the puzzle to get a total overview for investigation," Marijn Schuurbiers of the police's High Tech Crime Team said to NOS. The police also call on victims not to pay the ransom, as this gives cyber criminals more funds to invest in targeting more victims and will not necessarily solve all your problems. The police is cooperating internationally to collect as many digital keys against ransomware as possible. These keys are available to victims through a special police site

Reported data breaches from the government increased by 27 percent last year. Governments have a lot of sensitive information of citizens, which can have a major impact in the event of a breach. In the coming period, the Data Protection Authority will therefore  monitor governments more closely.

The privacy watchdog suspects that not all organizations who had serious data breaches last year reported them, while doing so is mandatory. Last year, the Authority investigated 44 suspicions of unreported data breaches.