Lithuania: Data Breach at a payment service provider
The Lituanian company UAB MisterTango works as a payment service provider. The company had an inspection by the Lithuanian Data Protection Supervisory Authority. During this inspection, the Authority found out, that the company collected and processed more data than necessary.
In addition, the Authority found out that the payment data of 9000 transactions from 12 banks in different countries were available on the internet for everyone. A lack of the correct technical and organisational measures caused the data breach, which lastet from the 9th to the 10th July 2018. According to the GDPR, if a data breach happens, the company needs to notify the Data Protection Agency but the company failed to do so. The Lithuanian Data Protection Supervisory Authority issued a fine of € 61.500,- for these incidents.
Type of Issue:
Theft of Data
Number of involved data records:
Special category of data involved: