Dutch Data Protection Authority (AP) EUR 2.7 million fine for GDPR violations on Experian must stop the conduct and delete its database before year-end
Regulatory/Legal Action
Summary
Hide ▲
Show ▼
The Dutch Data Protection Authority (AP) fined Experian Netherlands EUR 2.7 million for GDPR violations, escalating enforcement over unlawful personal-data use affecting people in the Netherlands. The penalty follows findings that Experian collected data from public and private sources and used it to produce credit assessments without properly informing people or obtaining consent. Experian said it will not appeal the AP's decision and has ceased operations in the country.
Related Happenings
Dutch Ministry of Finance hit by network compromise
Incident
First: 24.03.2026 14:03
Last: 24.03.2026 14:03
Sources 1
About this happening:
The **Dutch Ministry of Finance** confirmed a **cyberattack breach** that affected **some employees** after unauthorized access was found in internal systems. The ministry said it...
Dutch Ministry of Finance hit by network compromise
IncidentAbout this happening: The **Dutch Ministry of Finance** confirmed a **cyberattack breach** that affected **some employees** after unauthorized access was found in internal systems. The ministry said it...
Latest development: 31.03.2026 10:52
The Dutch Ministry of Finance shut down some systems on March 23 for security reasons, including the digital portal for treasury banking, leaving approximately 1,600 public institutions unable to view treasury balances online or use portal functions for loans, deposits, credit, intraday limit changes, and report generation, while regular banking channels and full access to funds continued.
Odido hit by network compromise
Incident
First: 12.02.2026 20:18
Last: 12.02.2026 20:18
Sources 1
About this happening:
**Odido** said a **cyberattack** exposed personal data from its **customer contact system**, affecting **6.2 million customers** after unauthorized access was detected on the week...
Odido hit by network compromise
IncidentAbout this happening: **Odido** said a **cyberattack** exposed personal data from its **customer contact system**, affecting **6.2 million customers** after unauthorized access was detected on the week...
Latest development: 24.02.2026 13:40
ShinyHunters claimed responsibility for breaching Dutch telecommunications provider Odido, added the company to its dark web leak site, and said it had stolen nearly 21 million records. The gang also claimed the stolen material includes internal corporate data and plaintext passwords, while Odido denied that passwords, call details, social security numbers, or billing data are involved.
Ivanti EPMM mobile-data theft campaign targeting European governments
Campaign
First: 10.02.2026 11:45
Last: 10.02.2026 11:45
Sources 1
About this happening:
A **coordinated Ivanti EPMM campaign** is now linked to breaches at multiple **European government** bodies, raising concern that staff and mobile-user data were exposed across se...
Ivanti EPMM mobile-data theft campaign targeting European governments
CampaignAbout this happening: A **coordinated Ivanti EPMM campaign** is now linked to breaches at multiple **European government** bodies, raising concern that staff and mobile-user data were exposed across se...
Latest development: 13.02.2026 00:05
Shadowserver tracked another more voluminous wave of attempted attacks against European government targets around Feb. 9, 2026, and Greynoise said 83% of the exploitation spike came from a single IP address on a bulletproof hosting service rather than the IOCs Ivanti published.
European Commission hit by cyberattack
Incident
First: 09.02.2026 11:49
Last: 09.02.2026 11:49
Sources 1
About this happening:
The **European Commission** is investigating a **cyberattack** on its **mobile device management platform**, which may have exposed staff **names** and **mobile numbers**. The inc...
European Commission hit by cyberattack
IncidentAbout this happening: The **European Commission** is investigating a **cyberattack** on its **mobile device management platform**, which may have exposed staff **names** and **mobile numbers**. The inc...
Timeline
-
19.10.2025 17:24 1 articles · 7mo ago
Experian Netherlands credit assessments used personal data until January 1, 2025
Victim Impact UpdateExperian Netherlands collected personal data from public and private sources, including the Chamber of Commerce trade register and telecom and energy companies, and used it to issue credit assessments that influenced interest rates and upfront deposits for people in the Netherlands; the Dutch Data Protection Authority said Experian failed to inform people, obtain consent, or justify the collection, and the credit assessments were provided until January 1, 2025.
Show sources
- Experian fined $3.2 million for mass-collecting personal data — www.bleepingcomputer.com — 19.10.2025 17:24
-
19.10.2025 17:24 3 articles · 7mo ago
Dutch Data Protection Authority fines Experian Netherlands EUR 2.7 million
Legal Policy Action UpdateThe Dutch Data Protection Authority imposed a EUR 2.7 million fine on Experian Netherlands for GDPR violations tied to mass collection and use of personal data, and Experian said it would not appeal the decision, had ceased operations in the Netherlands, and would delete its entire database before year-end.
Show sources
- Experian fined $3.2 million for mass-collecting personal data — www.bleepingcomputer.com — 19.10.2025 17:24
- Experian fined $3.2 million for mass-collecting personal data — www.bleepingcomputer.com — 19.10.2025 17:24
- Experian Fined €2.7m For GDPR Breach in Netherlands — www.infosecurity-magazine.com — 20.10.2025 18:00