An investigation has uncovered thousands of stolen Dutch passports, ID cards, and other sensitive documents on the dark web.
According to RTL Nieuws, these documents were stolen from Dutch companies through ransomware attacks. The news outlet found over 5,100 stolen digital copies of IDs, along with other documents like bank account statements, pay slips, and even divorce papers.
These stolen documents, packaged into bundles, are being sold for “tens to hundreds of Euros” on the dark web, RTL said, and they’re allegedly “in demand.”
There’s a thriving ecosystem for stolen data on the dark web. Cybercriminals purchase this data for identity theft and other malicious schemes.
The Dutch Data Protection Authority has expressed “great concern” over these findings and the potential for “particularly drastic” consequences for victims.
About 160 IDs Stolen From Each Company
While RTL Nieuws did not name the companies these documents were stolen from, it said they spanned different sectors, including financial services and transportation. About 30 of the companies didn’t pay ransom.
A ransomware attack occurs when attackers encrypt (lock) a company’s data, demanding a ransom for decryption. If the company refuses to pay or misses a deadline imposed by the threat actors, the stolen data is published on the dark web.
RTL’s investigation found that an average of 160 IDs were stolen from each affected company, including those of employees and customers. The news outlet revealed that many victims didn’t know their data had been compromised.
One of the victims, Teun, whose data was stolen from a mortgage lender, expressed shock at the revelation. Despite seeking help from various agencies, he found little support.
“The police couldn’t help me, because it was Russian cybercriminals who had stolen my data. And they couldn’t get the documents from the dark web,” Teun said.
Anne, another victim, was shocked to find not just her email address or date of birth stolen but highly sensitive documents, including her passport, pay slips, and divorce papers “containing sensitive details about the handling arrangement for her child,” the report said. Anne has since decided to store her data on another account for safety.
How to Protect Your Data
The Dutch Data Protection Authority has outlined several steps for individuals to keep their data from falling into the wrong hands.
Among other things, the organization says individuals should never share sensitive information unnecessarily and secure any documents they do share by crossing out and redacting sensitive information — using watermarks. Victims are also encouraged to put in a request for organizations to delete their data.
In addition to these tips, we recommend you:
- Use strong passwords and multi-factor authentication across all of your online accounts.
- Use a trusted antivirus and VPN (virtual private network) software for protection against malware and malicious networks. Some VPNs, like NordVPN, have built-in dark web monitoring to alert you if your data is posted on the dark web.
- Monitor your accounts and credit report for suspicious activity and set up alerts or freeze your credit if possible.
- Report the theft to your bank, credit card issuers, and other relevant institutions.
- Change your account numbers, login IDs, and passwords if your accounts are affected by a breach.
Read our guide to protecting yourself from identity theft for more safety tips.
Victims of this breach are advised to contact the Central Identity Fraud Hotline in the Netherlands for support and to report identity fraud.
For more news, follow us on X (Twitter), Threads, and Mastodon!
