Hungary: GDPR fine for political party
An political party in Hungary had to pay a GDPR fine. The undisclosed political party has a system with a database containing data about over 6.000 individuals. An anonymous hacker discovered a weakness in the security on the webpage of the party. He disclosed information about the weakness and the command he used. Afterwards, anyone even with a low understanding of IT was able to break into the system and get access to the database. The political party had to pay a fine of 11.000.000 Hungarian Forint, an equivalent of 34.375€.
Even though the fine was issued to a political party, companies can take a lot away from this incident. For example, the Data Protection Authority found the used MD5 encryption algorithm insufficient to protect sensetive data. The GDPR states, that data controllers have to protect personal data with the best technological solutions possible (State of the Art).
In order to fullfill this requirement, companies need to ensure that their security technology is up to date and that the newest updates are installed for the used software. Also, companies need to be aware of the consequences that a data breach can have for the affected users. Lastly, companies should implement a system to force users to have strong passwords. In this case, the Data Protection Agency found many weak passwords.
Sources: Data Protection Authority Hungary
Type of Issue:
Theft of Data
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph: