Dutch underestimate cyber threats, privacy watchdog says; 25,000 data leaks reported
The Dutch Data Protection Authority (AP) received 25,694 reports of data leaks last year, 21 percent more than the year before and amounting to about 70 leaks per day. According to the government’s privacy watchdog, Dutch organizations and businesses underestimate the risk of cyber attacks.
Organizations underestimated the consequences of a cyber attack in seven out of ten cases last year, the AP said in its annual report. As a result, affected citizens couldn’t arm themselves against possible fraud and identity theft.
About 20 million people’s data leaked in the Netherlands last year. “With your data in hand, criminals can really do harm,” said AP chairman Aleid Wolfsen. “With your telephone number or email address, they can send you payment requests that you may accidentally click on. With a copy of your passport, someone else can take out a loan in your name. Your data is worth gold to criminals.”
Most cases - almost 20,000 - required no further action after the leak was reported to the AP. The regulator did an additional check into 5,900 reports and launched investigations into 27 reported leaks.
Over 1,300 of last year’s data leaks involved a cyber attack. According to the AP, cybercriminals often target IT suppliers, which typically manage large amounts of personal data on behalf of organizations.
One such attack happened on Nebu, a Wormerveer company that supplies the software market researchers use to measure customer satisfaction. Hackers broke into Nebu’s systems last year and gained access to the names, addresses, emails, and phone numbers of tens of thousands of people who participated in customer surveys.
According to the AP, 190 companies that worked with Nebu reported that their data was leaked. They had to inform around 50,000 people that their personal information was in the hands of criminals.
The AP urged companies not to underestimate a data leak and to always report it to the regulator - which they are legally required to do. “People must be able to trust that organizations handle their personal data properly. That also includes that an organization informs you properly if something goes wrong with your data. Because how can you keep control of your life if you are not told what happens to your data?” Wolfsen said.
