9.5 million EUR fine for 1&1 Telekom
1&1 Telekom (Germany) did not authenticate callers properly before handing out account information by phone. Giving a name and date of birth was enough to get access to account details.
The German data protection authority considers this a breach of Article 32 GDPR, which regulates the security of processing. 1&1 was very cooperative and implemented better security immediately. Nevertheless, a fine of 9.550.000 EUR was issued. The data protection authority considers this a fine at the lower end of the spectrum.
Type of Issue:
inadequate data protection
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
32. Security of processing