OTE Group – €3,200,000 Fine (Greece, 2022)

€3,200,000Hellenic Data Protection Authority27 January 2022Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Greece fined OTE Group EUR 3.2 million after a hacker breached Cosmote's systems, leaking customer data. The company failed to secure sensitive information, affecting nearly 10 million people. This highlights the need for strong cybersecurity measures to protect customer data.

What happened

OTE Group was fined for inadequate security measures that allowed a hacker to leak sensitive customer data from Cosmote.

Who was affected

Nearly 10 million Cosmote customers had their personal information, like age and contract details, exposed.

What the authority found

The Greek authority determined that OTE Group failed to implement adequate security measures to protect customer data.

Why this matters

This case highlights the critical importance of robust cybersecurity practices to prevent data breaches. Companies must ensure their security measures are sufficient to protect sensitive customer information.

GDPR Articles Cited

AI-verified

Art. 32 GDPR
View original scraped data
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
articles corrected
national law identified
Greece enforcementHellenic Data Protection Authority actionsAll OTE Group actions
Full Legal Summary
Detailed

The Hellenic DPA has imposed a fine of EUR 3.2 million on Cosmote subsidiary OTE Group. Among other things, OTE Group had contributed to Cosmote's security infrastructure. Cosmote had reported a data breach to the DPA under Article 33 of the GDPR. A hacker had been able to penetrate Cosmote's systems due to a lack of security measures and obtained and subsequently leaked data from customers. The stolen data included sensitive information, from Cosmote subscribers such as age, gender and contract information. Nearly 10 million people were affected by the incident. For this reason, the DPA found that OTE Group had failed to implement adequate technical and organizational measures to ensure a level of security commensurate with the risk to data subjects.

Related Enforcement Actions (0)

No other enforcement actions found for OTE Group in GR

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 January 2022

Authority

Hellenic Data Protection Authority

Fine Amount

€3,200,000

Enforcement Tracker ID

ETid-1025

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. OTE Group - Greece (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: