In 2024, the Dutch data protection authority (DPA) received a total of 37,839 data breach notifications. The number of ransomware attacks almost doubled in the same period.
According to the Autoriteit Persoonsgegevens, the increase can be explained by the fact that companies can make bulk reports. In a bulk report, an organization reports multiple data breaches in one notification. In addition, one cyberattack can affect an entire supply chain of services.
The DPA received 23,772 single data breach notifications and 14,067 bulk reports of data breaches.
As in previous years, the most data breach reports in 2024 were about incorrectly sent letters containing personal data (7,937 reports or 42 percent of the total number). The total number of data breach notifications following a cyberattack rose from 1,309 to 6,837 in 2024.
The high number of cyberattack reports can be explained by the cyberattack happening at AddComm. The attack on the customer communications company affected 5,407 organizations that had to file a data breach notification. Over 1.5 million people fell victim to the incident.
“The hack is the best thing that ever happened to us. That may sound strange, but we and our customers learned a lot from it. By processing less data and storing it for a shorter period of time, the impact of a hack is smaller,” Leonie van der Veen, CEO of AddComm says in an interview with the DPA.
According to the DPA’s annual data breach report, in 2023, data was stolen in 24 percent of all reported ransomware attacks. Last year, this happened in at least 53 percent of all cases.
The Dutch DPA recommends checking suspicious login attempts, implementing multi-factor authentication (MFA), thinking critically about processing and storing data, and regularly updating a company’s security policy and protocols.
Your email address will not be published. Required fields are markedmarked