The Dutch Data Protection Authority (AP) last year received 1,173 reports of data leaks in which hacking, malware or phishing were used.

AP termed the trend as an “explosive” increase in hacks aimed at looting personal data. The numbers are up 30% on 2019 and follows a 25% the previous year.

“Many people are personally affected when criminals manage to steal their personal data,” authority chairman Aleid Wolfsen said. “Criminals use the stolen data for identity fraud and to carry out spam and phishing attacks. The damage of such scams can be such that people really get into trouble and

The “very sophisticated” criminals target organisations that process a lot of personal data and, increasingly, have been present in a network for a long period before striking, according to the authority.

The criminals spend the time exploring and mapping the organisation’s network. They try to gain more privileges, for example acquiring system administrator rights, after which personal data is stolen or a ransomware attack is carried out.

It is estimated between 600,000 and two million people were affected by a data breach which took just one step to log in.

“People entrust their personal data to organisations, assuming they handle it carefully. Unfortunately, that is not always the case and great suffering could easily have been prevented with good security,” said Wolfsen.

“Multi-factor authentication is a very simple security measure that is mandatory when processing sensitive personal data, but that organisations should actually implement by default everywhere. That could prevent a lot of suffering.”

The figures were released days after a report by IBM Security showed ransomware attacks globally increased 20% in 2020, compared to the previous year. The proportion of attacks involving data theft increased from 5% to 13% over the same period.

Register for free to receive the latest privacy, security and data protection news and analysis straight to your inbox