Virtual cookies do not taste good

Today, January 28th, is Data Protection Day in Europe, marking the anniversary of the Council of Europe’s Convention 108, the first binding international law securing individuals’ rights to protection of their personal data. In simple terms, this means that certain laws are in place, protecting people’s data against sites collecting personal information from their users within and outside the European Union. However, every law has its flaws, and digitization waits for no one. Experts and victims weigh in on the dangers of the ever digitizing world.

Cyberattacks happen around the world, and the Netherlands is no exception. Since 2022 more people in the Netherlands have become a victim of cybercrime compared to ‘normal’ crime, according to the University of Leiden. Organizations continuously monitor their networks, however identifying a threat remains difficult. According to the University, bettering cybersecurity and fighting cybercrime is a continuous cycle of attack and defence.

One way organizations can collect personal data from their users is by simply requesting access with cookies. Although cookies sound delicious, to cybersecurity experts it is not so appealing. Outgoing state secretary for digitization, Alexandra van Huffelen, says that “by clicking 'yes, yes, yes,' we give away a lot of personal information without having to be hacked at all. Often we quickly click the green 'allow' button without thinking. Clicking 'decline' requires additional steps you don't want to take".

In addition, accepting the cookies will also give the organizations your approval to sell your information to other organizations. This information is then stored in a very large database, like customer data, and is a potential prey for more hackers.

Dutch Universities and hospitals are frequent targets of various forms of cyberattacks like the stealing of data or flooding the system with a Distributed Denial-of-Service attack (DDoS). A DDoS attack prevents anybody but the hackers from being able to access the institution's websites. This gives the hackers time to look for sensitive data, for example patient information or documents intended for blackmail.

This January, among others, the Technical University in Eindhoven (TU Eindhoven) and the University Medical Centre of Groningen (UMCG) were targets of various cyberattacks. As soon as the IT specialists at the TU Eindhoven realized something fishy was going on, they took the server offline, putting a stop to anyone trying to enter their system and potentially steal data.

Last week the perpetrators were found and it appeared that they had access to log-in information from a student and a professor. With this, they gained access into the Universities’ server and personal information from professors and students. Thankfully, nothing was stolen or distributed.

“The problem for us is that those working from home within our organization cannot log in to and access the hospital's systems. This means that we cannot access our databases and the electronic patients’ files that we require to work and are therefore locked out”, says Anke van Rijk, a data collector for multiple hospitals including the UMCG, to The Glass Room. Continuing, she says that “normally this is not a big deal for us, but this attack happened right before our deadline which resulted in a big delay”.