E-mail data freely accessible
A UK organization that supports the rights of transgender individuals reported a data breach to the ICO data protection authority on June 17, 2019. The Authority then immediately started the investigation and found out that e-mails from 550 affected persons, including their name, email address and mental health or sexual orientation information, were freely accessible to everyone.
This incident occurred because the organization had incorrect default settings for their mail service. The data protection authority then found a violation of the principle of integrity and confidentiality. This mistake cost the organization 29,183 euros.
Art des Verstoßes:
inadequate data protection
Waren sensible Daten betroffen?:
Violation of GDPR Paragraph:
32. Security of processing
5. Principles relating to personal data processing