9.5 million Eur fine for 1&1 Telekom
1&1 Telekom (Germany) did not authenticate callers properly before handing out account information by phone. Telling a name and birthdate was enough to get access to account details.
The German data protection authority sees a breach of Article 32 GDPR regulating the security of processing. 1&1 was very cooperative and implemented better security immediately. Nevertheless, a fine of 9.550.000 EUR was issued. The data protection authority considers this a fine at the lower end of the spectrum.
Entscheidungsdatum:
09.12.2019
Land:
Germany
Art des Verstoßes:
inadequate data protection
Betroffene Datensätze:
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 9,550,000,-
Violation of GDPR Paragraph:
32. Security of processing
Quelle:
https://www.bfdi.bund.de/DE/Infothek/Pressemitteilungen/2019/30_BfDIverhängtGeldbuße1u1.html