A single data breach can provide the key to someone’s digital identity or critical services

Recycled passwords pose a huge risk: they are easy for criminals to hack, particularly in light of the ever-increasing number of data breaches*. This can have serious consequences in relation to critical services involving sensitive information, such as email, banking and healthcare portals. 40% of the Dutch population use the same password (or a variation of it) for things like webshops as well as for critical services. These are among the findings of a survey on the use of passwords carried out by Ipsos I&O on behalf of ABN AMRO in the run-up to the shopping season, the period around Black Friday and the festive season. The bank is warning clients that criminals could reuse stolen login credentials for less critical services to access important accounts. So as the shopping season approaches, it is important to create a unique password for every webshop.

Here is a summary of the key findings:

• 40% of Dutch people use the same password for less critical services and for critical services. This figure is 55% for people aged under 45.

• 89% are aware that using the same password for different services poses a risk.

• 32% never/rarely change their passwords for critical services, or only do so if this is needed to log in.

• 53% take no or very little action if data is leaked through a data breach.

Convenience over security

A lot of Dutch people still choose convenience over security. This makes them vulnerable: a single data breach can provide the key to someone’s digital identity, healthcare details and other important services. Recycling is not the only evidence of this lax approach to passwords. Other behaviour around password management confirms it. One third of Dutch people (32%) never or rarely change their password for critical services, or only if they forget it or are required to do so by the service. In addition, almost a quarter (24%) have shared a password with someone. Among the under-45s, this figure rises to 39%. “More and more of our day-to-day life takes place online. From shopping to healthcare, and from social media to banking. Although this is very convenient, managing our online accounts means taking responsibility for our own digital security. Take great care managing your passwords and do not recycle them, or even use a variation of them,” says Marco Hendriks, Fraud Expert at ABN AMRO. “Every time you log in to a webshop or online service, you share your personal details, even if you only order from a particular site once. If your name and password for a webshop are leaked in a data breach, and you’ve used the same or a similar password for other services, fraudsters can gain access to more sensitive or important accounts.”

Too little action

Data breaches have been on the rise for years*. In 2024 alone, over 35,000 data breaches were reported in the Netherlands. At the same time, many people underestimate the dangers. Over half of the Dutch population do not think there would be very serious effects on them personally if their password fell into the wrong hands. A lot of people know what to do in the event of a data breach: 64% say they know what steps to take if their data is affected. However, very little comes of this in practice: 10% of respondents who discovered that their data had fallen into the wrong hands did nothing, and 43% took just one step. Key to bank account According to ABN AMRO, the best way to secure your bank account and other important accounts is to use a unique password, not to use variations of existing passwords, and to set up two-step verification. In the run-up to Black Friday and the festive season, a lot of Dutch people will likely create new accounts with webshops or utilise the ‘forgot password’ option. This makes it even more important to be aware of the dangers. Hendriks: “Cyber criminals don’t see boundaries between platforms. They simply get to work as soon as they have your username and a password. A password may seem harmless, but it can lead to serious consequences. It could enable someone to act in your name. In fact, a single password can provide the key to your personal details and even your banking.”

—------------ END OF PRESS RELEASE —------------

*2024 data breach report, Dutch Data Protection Authority, July 2025