Online shop with outdated software
The Lower Saxony data protection authority found in investigations against the company out that it uses an outdated version of xt:Commerce, which has not been supplied with security updates since 2014. Among other things, the software still uses the hash function MD5, which has not been in line with current security standards for several years. Therefore, it would have been possible to decrypt passwords and misuse user data with minimal effort.
The data protection authority sees this as a violation of the website operator’s obligation to implement technical and organizational measures that ensure a level of protection that is appropriate to the risk for those affected. A fine of 65,500 euros was therefore imposed.
Art des Verstoßes:
Waren sensible Daten betroffen?:
Violation of GDPR Paragraph:
25. Data protection by design and by default
32. Security of processing