Penalty against Optical Center

Penalty against Optical Center

Optical Center is a company that produces optical glasses for customers. On the homepage of the company customers can order appropriate visual aids. In 2017, the French Data Protection Authority (CNIL) was informed that the company’s website was not sufficiently secured. By simply changing the website address (URL), unauthorized persons could access customer personal data. It was not only possible to retrieve names, addresses and telephone numbers, but also medical data provided by customers when ordering glasses (for example, diopters to make the glasses in the correct prescription).

Decision data:
07.06.2018

Country:
France

Type of Issue:
technical deficiency

Number of involved data records:
300 000

Special category of data involved:
Yes

Fine:
€ 250,000,-

Reference: