Lithuania: Data Breach at a payment service provider

Lithuania: Data Breach at a payment service provider

The Lituanian company UAB MisterTango works as a payment service provider. The company had an inspection by the Lithuanian Data Protection Supervisory Authority. During this inspection, the Authority found out, that the company collected and processed more data than necessary.

In addition, the Authority found out that the payment data of 9000 transactions from 12 banks in different countries were available on the internet for everyone. A lack of the correct technical and organisational measures caused the data breach, which lastet from the 9th to the 10th July 2018. According to the GDPR, if a data breach happens, the company needs to notify the Data Protection Agency but the company failed to do so. The Lithuanian Data Protection Supervisory Authority issued a fine of € 61.500,- for these incidents.

Source: Lithuanian Data Protection Agency (Lithuanian)

Entscheidungsdatum:
16.05.2019

Land:
Lithuania

Art des Verstoßes:
Theft of Data

Betroffene Datensätze:
9.000

Waren sensible Daten betroffen?:
Yes

verhängte Geldstrafe:
€ 61,500,-

Quelle: