Too many companies that are hit by hackers or cyber attacks are failing to warn people that their personal information may have fallen into the wrong hands, the Dutch privacy watchdog Autoriteit Persoonsgegevens (AP) said on Wednesday.

In seven out of 10 cases, companies and other organisations underestimate the risk and people whose information has been stolen are unable to “arm themselves” against cyber criminals, the AP said. 

“Do not underestimate the fact that if your details end up in the hands of criminals, you could be hurt,’ AP chairman Aleid Wolfsen said.

“Having your phone number or email address means they could send you payment requests that you accidentally accept. A copy of your passport is enough to take out a loan in your name. Your data is worth a fortune to crooks.” 

In total, the AP received more than 25,000 reports of data leaks last year, compromising the data of some 20 million people. 

People were not informed in 62% of cases in which sensitive information, such as religion or sexual orientation, was stolen, even though this is required by law, the AP said.