Lithuania: Data Breach at a payment service provider
The Lituanian company UAB MisterTango works as a payment service provider. The company had an inspection by the Lithuanian Data Protection Supervisory Authority. During this inspection, the Authority found out, that the company collected and processed more data than necessary.
In addition, the Authority found out that the payment data of 9000 transactions from 12 banks in different countries were available on the internet for everyone. A lack of the correct technical and organisational measures caused the data breach, which lastet from the 9th to the 10th July 2018. According to the GDPR, if a data breach happens, the company needs to notify the Data Protection Agency but the company failed to do so. The Lithuanian Data Protection Supervisory Authority issued a fine of € 61.500,- for these incidents.
Source: Lithuanian Data Protection Agency (Lithuanian)
Entscheidungsdatum:
16.05.2019
Land:
Lithuania
Art des Verstoßes:
Theft of Data
Betroffene Datensätze:
9.000
Waren sensible Daten betroffen?:
Yes
verhängte Geldstrafe:
€ 61,500,-
Violation of GDPR Paragraph:
32. Security of processing
33. Notification of a personal data breach to the supervisory authority
5. Principles relating to personal data processing
Quelle: