3 min read

Record Number of Data Leaks: Why the Netherlands Is Europe’s Data Breach Leader

Posted by Rick Goud on 8th July 2025

Record Number of Data Leaks: Why the Netherlands Is Europe’s Data Breach Leader image

 

The Netherlands: Europe’s Data Leak Capital and a Global Example 

Each year, DLA Piper’s GDPR Data Breach Survey reveals that the Netherlands reports a record number of data leaks, more than any other European country. This is not due to population size, but rather a strong national culture of transparency and mandatory notification. In fact, the Netherlands, a relatively small country, reports as many data leaks as countries ranked 7 through 30 combined, including much larger economies like France, Spain, and Italy. 

For global security professionals, this makes the Netherlands a unique “early warning system” for understanding the true causes and trends behind data leaks. Dutch data shines a spotlight on where breaches really happen, and why. 

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has just published its detailed 2024 Data Breach Report, one of the most comprehensive breakdowns in Europe. What should the world take away from these findings? 

Record Number of Data Leaks in 2024: Human Error and AI-Driven Phishing Are Still on Top 

In 2024, the Netherlands recorded a record 37,839 data leaks - a 50% jump from 2023. This spike reflects both growing risk and a maturing, open reporting culture. 

Letters and Email are Still the Main Cause of Data Leaks 

Once again, misdirected letters and emails top the list. There were 7,937 breaches caused by misaddressed physical mail and 3,332 breaches from misaddressed emails. Together, nearly a third of all reported breaches. Common email mistakes include: 

  • Selecting the wrong recipient (autocomplete errors)

  • Typing errors in email addresses (e.g., john.doe@homtail.com)

  • Sending the wrong or unintended attachment

  • Including hidden information in attachments (such as confidential tabs or social security numbers)

  • Failing to properly classify or secure sensitive content 

These statistics underscore a persistent reality: technology alone is not enough. Human error remains the weakest link. 

AI-Powered Phishing and Account Takeovers: The New Reality 

In 2024, 12% of cyber incidents started with social engineering, often a phishing email tricking someone into sharing their credentials. AI and LLM-driven phishing attacks are increasingly convincing, making it even harder for staff to spot threats. 

Account takeovers now account for 42% of investigated cyberattacks. Once a mailbox or account is compromised, attackers can launch ransomware or large-scale phishing campaigns from within the organization. 

The Impact of Supply Chain Attacks: One Leak, Millions at Risk 

2024 saw cyber incidents of unprecedented scale. A ransomware attack on AddComm, a communications provider, triggered data leaks at over 5,000 organizations and affected more than 1.5 million individuals—showing just how devastating one weak link in the supply chain can be. 

Unmonitored Data Leaks: The Hidden Challenge in GDPR Reporting 

Despite this culture of openness, the Dutch Data Protection Authority could not monitor or investigate the cause of over 11,000 data leaks in 2024. That means that for nearly a third of all reported incidents, the precise cause remains unclear—a challenge even for the most transparent countries. 

Top Sectors Impacted: Healthcare, Government, and Finance 

As in previous years, the highest number of data leaks was reported by: 

  • Healthcare and social care (6,873 leaks)

  • Public administration (4,874 leaks)

  • Financial services (1,985 leaks) 

These sectors handle large volumes of sensitive personal information and face stricter reporting obligations. 

Key Lessons for Organizations Worldwide: Preventing Data Leaks from Human Error and AI Phishing 

  1. Invest in staff awareness and training: Employees remain the first—and often weakest—line of defense. 

  2. Deploy technology to prevent mistakes: Solutions including AI-driven detection and smart classification can help prevent human error and phishing before they happen. 

  3. Turn policy into action: In 40% of Dutch cases, security policy existed but was not properly implemented or enforced. 

  4. Adopt multi-factor authentication (MFA) and monitor for suspicious activity: Protect accounts from takeovers and detect threats early. 

  5. Limit data collection and retention: “What you don’t have, can’t leak.” Practice data minimization. 

  6. Continuously vet your vendors: One weak link in the supply chain can compromise thousands.

Conclusion: Building a Human-Centric, AI-Resilient Data Protection Culture 

The Netherlands demonstrates that even with leading GDPR compliance and a culture of transparency, human error and AI-powered phishing remain the dominant threats. Effective data protection demands a comprehensive approach: combine staff awareness, advanced technology, policy enforcement, and proactive supply chain management. 

If you want to know where your organization is vulnerable to data leaks, the Dutch experience is your global benchmark.
Rick Goud avatar

Rick Goud

CIO & Founder

Published: 8th July 2025

Subscribe to our newsletter
Share this

Enjoy this article? Share the knowledge

Previous

Back to all

Stay informed with Zivver

Subscribe to get more email security tips straight to your inbox.