If you’re living in the Netherlands, you most likely heard the news: data from 700.000 women who took part in population screening (“bevolkingsonderzoek”) has been leaked.

And this wasn’t just basic contact data. It involved highly sensitive personal and medical details – names, addresses, citizen service numbers (“BSN”), and even screening outcomes. The kind of information people trust organizations to protect with the highest possible care.

However, this isn’t an isolated case. Even with cybersecurity programs and technical controls in place, data breaches still happen . Millions of records are stolen every year, and both SME (“MKB”) as well as enterprise organizations experience security incidents annually.

Every organization that processes personal data carries both a legal (e.g., GDPR, NIS2, HIPAA) and – as far as we’re concerned – an ethical duty to protect it. As we explored in a recent Skuridat article , the consequences of a breach go far beyond technical clean-up:

• Direct consequences Fines, lawsuits, forensic investigations, operational disruption.
• Indirect consequences Reputational damage, loss of customer trust, and long-term decline in confidence.

But the fallout doesn’t stop there. For individuals, the impact can be deeply personal.

For individuals, a data breach isn’t abstract. It’s a hit to confidence and security. Victims often feel exposed, stressed, and vulnerable – and it doesn’t stop there.

• Identity theft is rising CBS figures show identity fraud doubled in the Netherlands, up from 0,5% in 2022 to 1% of the Dutch population in 2024.
• Financial losses Criminals rarely use one leak in isolation. They combine information from multiple breaches, piece it together, and use it to apply for loans, impersonate victims, or carry out fraud.

Each leaked dataset can ripple into many areas of someone’s life.

To put that into perspective, of the 700.000 women affected, 7.000 could statistically face identity fraud in the coming years. And because this leak involves highly sensitive medical and personal data, the likelihood of targeted misuse is even higher than average.

Organizations usually have playbooks to follow when a breach occurs. But for individuals, it’s less clear. Here are some practical first steps if you suspect your data may have been exposed:

• Check for leaks
  • Visit Have I Been Pwned to see if your email address appears in known breach databases. And while you’re there, don’t forget to turn on the notifications.
  • Check your BKR registration for suspicious loans or credit activity. Report anything out of the ordinary to the Police.
  • In case of stolen IDs, follow guidance via the Rijksoverheid or register with the CMI.
  • If you’ve become a victim of fraud or ransomware, you can also turn to Slachtofferhulp Nederland for support.
• Take immediate action
  • Change your passwords – especially if you’ve re-used them.
  • Turn on multi-factor authentication (MFA) wherever possible.
  • Use a password manager to generate and store unique passwords.
• Reduce future risk
  • Add watermarks to sensitive documents before uploading (e.g. “for use by [organization] only”). Also, you can use the Dutch government’s KopieID app when sharing sensitive documents. It allows you to redact information that isn’t needed by the recipient and adds a watermark to clearly mark it as a copy.

While the names of the agencies differ, most countries offer similar services to the Netherlands: credit bureaus, government ID fraud reporting, and data breach checkers. The key point is the same everywhere – act quickly, limit damage, and prevent re-use of your data.

At the organizational level, these incidents underline once again that protecting customer and citizen data isn’t optional – it’s mission critical. True security goes beyond compliance: it means continuous monitoring, strong governance, and implementing layered security. From access control and encryption to employee awareness and incident response, security must be part of your DNA.

At Skuridat, we help organizations strengthen resilience by:

• Monitoring for credential leaks, shadow assets, and phishing domains
• Securing systems and processes against real-world threats
• Supporting leadership as a virtual CISO to build security into decision-making