Thousands of Dutch passports stolen in ransomware attacks available on dark web
Thousands of Dutch passports are available on the dark web. These and other sensitive documents were all stolen in ransomware attacks on Dutch companies in recent months, RTL Nieuws reports after monitoring ransomware attacks and the data stolen in then for a year.
The broadcaster found digital copies of over 5,100 Dutch IDs published on the dark web. It also found other sensitive documents of many thousands of Dutch people, including bank account statements, pay slips, and even divorce papers. Malicious parties can use such documents to commit identity theft.
The broadcaster spoke to victims whose documents are available online, and many weren’t aware of the fact. According to RTL, they now fear that criminals will eventually misuse their identity.
The documents were stolen in ransomware attacks on Dutch companies. Ransomware is a type of malware that encrypts the data on infected computers. Victims have to pay a ransom to get their data back. If the company refuses to pay the ransom, the criminals publish the stolen data.
Dozens of Dutch companies have fallen victim to a ransomware attack in recent months. Over 30 did not pay the ransom. According to RTL, an average of 160 IDs, usually of employees or customers, were stolen from each of them. Several of these companies said they were willing to pay but couldn’t figure out how - the hackers’ email had ended up in the spam folder.
The stolen documents are bundled and resold to other cybercriminals, according to the broadcaster. The bundles of documents cost between a few tens and hundreds of euros.
The amount of stolen data is a “great concern,” the Dutch Data Protection Authority told RTL Nieuws. The consequences of identity theft can be “particularly drastic.” In identity fraud, the criminal poses as someone else to sign up for subscriptions or open credit cards, among other things.