
Experian Netherlands Credit Rating Agency Gets €2.7 Million GDPR Fine for Personal Data Collection

CPO Magazine
By Scott Ikeda for CPO Magazine
Monday, October 27, 2025

The credit rating agency experienced another data breach in 2015, this one involving 15 million records largely tied to people who had credit checks for T-Mobile service done by the company. A 2020 incident at the regional South African branch saw another 24 million personal records leaked, along with information from about 800,000 businesses. Another regional leak in Brazil in 2021 exposed the data of 220 million of its citizens, including highly sensitive identity and income tax information. And in 2022 the company’s website was compromised when it was found that simply changing a small string of characters could bypass part of the identity authentication process and take an attacker directly to someone’s credit report. The credit reporting agency received a prior GDPR fine in Germany in 2022 in connection with this incident.

Dr. Kolochenko, CEO at ImmuniWeb, notes that the full scope of damage in this story may go beyond the elements the GDPR fine was issued for: “While the total number of affected EU residents, whose personal data was processed by Experian, remains unknown in this specific incident, we are likely talking about many millions. In the UK alone, where Experian faced similar troubles with the UK ICO in the previous years, it was reported that the credit score giant collected information about as many as 51 million British residents. Therefore, in this case, one may easily estimate the number of EU residents whose personal data was used without notice or consent. Worse, practically speaking, the personal data in question is highly sensitive, even if not expressly labeled as such by the blank ink of GDPR, and its misuse or disclosure can cause long-lasting and material damage to affected persons. In view of the long duration of such processing and taking into consideration the substantial financial harm suffered by individuals by unlawful processing activities, the Dutch DPA’s fine seems to be surprisingly mild and lenient. Having said this, the story is unlikely to end here. The European Court of Justice has recently affirmed that individuals may sue for non-material damage when their GDPR rights are infringed, significantly expanding litigation opportunities for many plaintiffs whose damage is not quantifiable in simple numbers. In this incident, we will probably see numerous private lawsuits for both material and non-material damages. Lastly, in some countries, legal insurance companies offer generous coverage of legal expenses in GDPR-related disputes. There, we may witness an avalanche of lawsuits against Experian.”

