E-mail data freely accessible
A UK organization that supports the rights of transgender individuals reported a data breach to the ICO data protection authority on June 17, 2019. The Authority then immediately started the investigation and found out that e-mails from 550 affected persons, including their name, email address and mental health or sexual orientation information, were freely accessible to everyone.
This incident occurred because the organization had incorrect default settings for their mail service. The data protection authority then found a violation of the principle of integrity and confidentiality. This mistake cost the organization 29,183 euros.
Entscheidungsdatum:
08.07.2021
Land:
Great Britain
Art des Verstoßes:
inadequate data protection
Betroffene Datensätze:
550
Waren sensible Daten betroffen?:
Yes
verhängte Geldstrafe:
€ 29,183,-
Violation of GDPR Paragraph:
32. Security of processing
5. Principles relating to personal data processing
Quelle:
ICO Communication