The Dutch data protection authority AP received more than 27,000 reports of data leaks last year, most of which came from the financial sector, the agency said on Thursday.

In total, the number of leaks rose 29% on 2018, while attacks on companies and individuals involving hacking, phishing and ransomware rose 25%, the agency said.

The AP suspects the true number of data leaks may be higher because not all companies and leaks report leaks, even though they are required to by law. Last year officials investigated 28 cases where they suspected leaks had taken place.

Of the total reports about leaks, 4,600 came from national and local government, a rise of 27% on 2018.

Meanwhile, Maastricht University has confirmed that it paid €197,000 in the form of 30 bitcoin to hackers who broke into its systems at the end of last year, paralysing the university’s internet traffic.

The decision to pay the ransom was the lesser of two evils and a decision that was not taken lightly, Nick Bos, deputy head of the management board, told a seminar on the hack on Wednesday.

According to cybercrime experts from Fox-IT, the hackers succeeded in placing a phishing link on the laptop of one member of staff on October 15 and by November 21 they had complete control over the network. They finally launched the attack on December 23.

Fox-IT has identified the hackers as Grace-RAT, also known as TA-505, a group of Russian speaking hackers who are not necessarily based in Russia. The group has been active for five years and has reeled in more than 150 victims since February 2019.