The number of data thefts by cyber criminals will almost double by 2024. So reports the Dutch Data Protection Authority (AP) in its annual survey of data breaches in the Netherlands. In data theft, cybercriminals steal people's personal data and threaten to sell it or put it on the Internet.
'Be incredibly alert to your data, where you keep it and with whom you share it,' warns AP board member Katja Mur. 'The nastiest things can really happen to you if criminals get hold of your data. Using your phone number or e-mail, they send you fake messages that are barely distinguishable from the real thing, in order to scam you and steal money from you. With a copy of your passport someone can pretend to be you online, for example by taking out a telephone subscription and organizing illegal activities in your name. So be really careful.
Data theft often occurs in cyber attacks involving ransomware. In these, hackers take over computer systems of organizations and "freeze" the data in the systems, then demand a ransom.
Organizations are increasingly preparing for this by making backups of data so that they have a copy of the data for after any hack. But hackers then adapt their tactics accordingly. Cybercriminals are increasingly copying the hacked data sets themselves and then threatening to sell them or publish them online if they don't get money. This is how the criminals try to maintain their revenue model.
This data theft occurred about twice as often in 2024 as in 2023, the AP estimates. Mur: "We can speak of a worrying trend. The AP relies in part on a survey it conducted of organizations affected by ransomware last year. The total number of "successful" ransomware attacks in 2024 was at least 112, according to the AP.
The financial damage of cyber attacks for organizations can be substantial, the AP's survey also shows. There are examples from 2024 where the damage amounts to tons. On average, organizations report that they went down for more than 100,000 euros. Cost items after a ransomware attack include the forced hiring of external cyber experts.