In the Netherlands, a concerning trend has emerged: organizations hit by cyber attacks often downplay the severity of the breach, leaving individuals unaware that their data has been compromised. According to the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens / AP), this underestimation occurs in seven out of ten cases, leaving millions of people vulnerable to potential fraud and other cybercrimes.


AP chairman Aleid Wolfsen emphasizes the gravity of the situation, stating, “With your data in hand, criminals can really do you harm.” Even seemingly innocuous information like phone numbers or email addresses can be leveraged by cybercriminals to orchestrate scams or phishing attacks. Additionally, sensitive data such as passport copies can facilitate identity theft and financial fraud.

In 2023 alone, the AP received over 25,000 reports of data breaches, affecting approximately 20 million individuals. Despite legal obligations mandating organizations to notify individuals in the event of data breaches, many fail to adequately assess the risks and inform affected parties.

Wolfsen stresses the importance of trust in data handling practices, highlighting the need for transparency when incidents occur. He questions, “How can you keep control of your life if you are not told what happens to your data?”

The primary responsibility lies with organizations, particularly those that engage IT suppliers to manage vast amounts of personal data. Even in cases where a breach originates from a third-party supplier, hiring organizations are accountable for informing affected individuals.

In response to lapses in communication, the AP actively monitors compliance and intervenes when necessary. One notable instance occurred in 2023 after a significant data breach involving IT supplier Nebu. Despite initial reluctance from Nebu’s customers to inform victims, the AP’s intervention led to approximately 50,000 individuals being alerted to the breach, empowering them to protect themselves against potential cyber threats.

While interventions serve as temporary measures, Wolfsen emphasizes the importance of organizations taking proactive responsibility for data protection. Building trust and maintaining transparency are paramount in safeguarding personal data in an increasingly digitalized landscape.

Cookie Consent with Real Cookie Banner