Vreau Credit S.R.L fined for not reporting a Data Breach

Vreau Credit S.R.L fined for not reporting a Data Breach

On October 1st the Romanian National Supervisory Authority fined Creau Credit S.R.L ( 20.000 EUR) due to not reporting a data breach.

The Supervisory Authority initiated an investigation due to a personal data breach notification. Vreau Credit S.R.L sent data from identity documents of 1177 individuals via WhatsApp to two Raiffeisen employees. They performed queries to the Credit Bureau System to obtain credit eligibility scores for these individuals. Raiffeisen employees returned the negative credit scores to the employees of Vreau Credit S.R.L. violating internal procedures.

Vreau Credit S.R.L. was fined because they did not notify the supervisory authority of the personal data breach.

More information on the Raiffeisen Bank SE fine

read more at the European Data Protection Board.

Entscheidungsdatum:
01.10.2019

Land:
Romania

Art des Verstoßes:
violated duty to inform

Betroffene Datensätze:
1177

Waren sensible Daten betroffen?:
No

verhängte Geldstrafe:
€ 20,000,-

Quelle: