Skip to main content
Netherlands News in English

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
A woman works on her bills, stressed about her finances.
A woman works on her bills, stressed about her finances. - Credit: Mactrunk / DepositPhotos - License: DepositPhotos
Crime
financial trouble
Debt
financial administrator
email
domain name
cybersecurity
cybercrime
fraud
scam
Odido
Data leak
Wesley Neelen
Netherlands Internet Domain Registration Foundation
SIDN
Aegis
Nadja Jungmann
Monday, 8 June 2026 - 10:17

Share this article:

Opens in a new window Opens in a new window Opens in a new window Opens in a new window Opens in a new window Opens in a new window

Financial administrators' poor email security put many people with money trouble at risk

Cybercriminals have easy access to data from financial administrators’ poorly secured old email addresses, RTL Nieuws reports. As a result, the personal data of people with financial problems - a group particularly vulnerable to fraud and exploitation - can easily end up in criminals’ possession.

Financial administrators manage the affairs of people unable to do so themselves, for example, due to debt or an intellectual disability. Hundreds of thousands of people in the Netherlands are under financial administration. These administrators possess highly sensitive data about their clients, including tax documents, medication data, payslips, doctors' bills, fines, and bills from their telecom provider, with an overview of all calls, much of which arrives via poorly secured email.

This leak was discovered by ethical hacker Wesley Neelen when he delved into the leaked Odido data and noticed that many people were using their administrator’s email addresses for their bills. Many of these email addresses were no longer in use, and he was easily able to register and take over the website and associated mailbox.

"Technically speaking, it is very easy. I was surprised that so many emails were still coming in even though the inbox hadn't been in use for a while,” Neelen said. In a few weeks, Neelen gained access to 258 financial files of people with debts. After that, he closed the mailbox.

The emails he received contained details about people’s private lives. For example, an email from a Rotterdam housing corporation read: “The home is again severely filthy, and the lady appeared confused.” Another contained a death certificate and a last will.

“I am shocked by this; this data leak is truly terrible,” Nadja Jungmann, a professor of debt and collection at Utrecht University of Appleid Sciences, told RTL Nieuws. “You don’t want people to know you have debts anyway. But these people are also vulnerable and become victims of crime more easily. If they receive an offer to earn extra money quickly, they are more likely to accept it.”

Jungmann thinks that administrators don’t know how many emails go to their old domain names. “I can imagine that the administrators are also shocked. It really should be a wake-up call that this is unacceptable.

A financial administrator’s email address can go unused for various reasons, including bankruptcy, merger, or the discontinuation of services. According to the Netherlands Internet Domain Registration Foundation (SIDN), organizations receive a warning when sensitive domain names expire. But despite these warnings, many don’t take action.

Aegis, the trade association for financial administrators, told RTL that it would warn its members about this issue. "Due to the sensitivity of the information administrators possess and the vulnerability of many of our clients, we must be extra vigilant about this. Aegis will educate members about the risks, and we are looking into whether we can reach a protocol."

More like this

Image
Odido's headquarters building in The Hague. Undated
Voice of fake IT employee links Dutch criminals to Odido hack
Image
Odido's headquarters building in The Hague. Undated
​​New scams emerging as leaked Odido data pops up on social media
Image
Odido's headquarters building in The Hague. Undated
Hackers leak another 1 milion lines of stolen Odido data
Image
The sign outside a police station near Leidseplein in Amsterdam. 30 April 2023
"Highly likely" a foreign country behind massive Dutch police data breach, says minister
Make NL Times your top Google source

Follow us:

Latest stories

  • Escaped wallaby roams free in Middenmeer, police hunt for owner
  • Man stabbed near Johan Cruijff Arena in Amsterdam; Suspect arrested
  • Video: Drunk wrong-way driver strikes taxi on A1 near Naarden
  • Animal rights groups win court ruling halting the culling of fallow deer in Zeeland
  • Police seize drugs, loaded revolver from SpongeBob backpack in Almere; 2 women arrested

Top stories

  • Video: Man and woman stabbed in Helmond apartment
  • Fourth regional heat wave possible in Netherlands late July
  • 45-year-old Dutch man arrested after stabbing and chasing man at Swiss train station
  • Man shot inside Amsterdam-Zuidoost home
  • Second stuntman hurt after being catapulted at Zwarte Cross festival

© 2012-2026, NL Times, All rights reserved.

Footer menu

  • Change Privacy Settings
  • Privacy Policy
  • Contact
  • Partner Content