Financial Administrators’ Weak Email Security Puts Your Data at Risk: What to Do

If you’re already struggling with debt, the last thing you need is a data breach that lets criminals drain your accounts or steal your identity. Yet a recent report from the NL Times reveals that many financial administrators in the Netherlands handle sensitive client information through email accounts with weak security — leaving thousands of vulnerable people exposed to fraud.

The problem is not limited to one country. Financial administrators, insolvency practitioners, and debt counselors everywhere often operate with limited IT budgets. Secure communication can fall by the wayside. Here’s what happened, why it matters, and — most importantly — how you can protect yourself.

What happened

According to the NL Times (June 2026), researchers found that a significant number of Dutch financial administrators used unencrypted email to send and receive documents containing bank account numbers, income statements, and personal identification details. In some cases, email accounts had no multi‑factor authentication, and passwords were weak or reused across services.

The report does not name specific firms, but it describes cases where emails were intercepted, leading to identity theft and fraudulent loans taken out in victims’ names. The administrators involved are the same people supposed to help clients regain control of their finances.

Why it matters for you

When you work with a financial administrator, you hand over a lot of power: access to bank accounts, details about your debts, copies of pay slips, tax returns, and sometimes even login credentials for online banking (though that is highly inadvisable). If an attacker gains access to that information via a compromised email system, they can:

Empty your accounts or redirect payments.
Open new credit lines in your name.
File fraudulent tax returns to claim refunds.
Use your personal data for phishing attacks against family members.

People already in financial trouble are particularly vulnerable because they may rely heavily on the administrator, check accounts less often, or fear that reporting a problem could delay their debt restructuring. Criminals know this and target these firms specifically.

What you can do right now

You cannot control how every administrator runs their IT, but you can reduce your risk with these five steps.

1. Ask your administrator about their email security

Before you share any sensitive information, ask directly:

Do you use encryption for emails containing personal or financial data? (Look for terms like “PGP,” “S/MIME,” or “TLS enforced.”)
Is your email system protected by two‑factor authentication (2FA)?
Do you have a secure client portal where I can upload documents instead of emailing them?
What is your policy if a breach occurs?

A reputable firm will answer clearly. If they cannot explain their security, that is a red flag. You have the right to insist on a secure channel.

2. Use secure channels for every exchange

Even if your administrator has weak email, you can take the lead:

Ask if they can receive documents through a secure portal (many accounting and administration platforms offer this).
If they insist on email, use a service like ProtonMail or Tutanota that encrypts messages end‑to‑end, and ask them to do the same.
Never send scanned copies of passports, tax returns, or bank statements via unencrypted email. If you must use email, password‑protect the files and send the password by a different channel (phone or SMS).

3. Enable two‑factor authentication everywhere

If your administrator has a client portal, enable two‑factor authentication on your own account there. Also turn on 2FA for your banking accounts and any email account you use to correspond with them. This makes it much harder for an attacker who steals your password to actually get in.

4. Monitor your accounts more often than usual

During the period you are working with a financial administrator, check your bank and credit card transactions weekly — even if that feels burdensome. Sign up for account alerts that notify you of withdrawals over a small amount (e.g., €50). Also check your credit report every few months. In many countries you can get a free report once a year; use it.

5. If you suspect a breach, act fast

If you notice an unfamiliar transaction or receive a suspicious call from someone claiming to be your administrator, stop all contact and contact the administrator through a phone number you know is correct. Then:

Freeze your credit at the major credit bureaus (this prevents anyone from opening new accounts in your name).
Report the incident to your local police and to the data protection authority in your country.
Change passwords on all affected accounts.
Inform your bank and ask them to flag your account.

Sources

NL Times, “Financial administrators’ poor email security put many people with money trouble at risk,” June 2026.

No single action guarantees safety, but combining these steps gives you a much stronger defense. Remember: you are the owner of your data, even when you hire someone else to manage it. Demand the security you deserve.

Financial Administrators’ Weak Email Security Puts Your Data at Risk: What to Do#

What happened#

Why it matters for you#

What you can do right now#

1. Ask your administrator about their email security#

2. Use secure channels for every exchange#

3. Enable two‑factor authentication everywhere#

4. Monitor your accounts more often than usual#

5. If you suspect a breach, act fast#

Sources#