Curtea Veche Publishing SRL – €5,000 Fine (Romania, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Curtea Veche Publishing SRL was fined EUR 5,000 for not protecting customer data properly, leading to two data breaches. The first breach exposed customer details online, and the second involved a ransomware attack. This case highlights the importance of securing personal data to prevent unauthorized access.
What happened
Curtea Veche Publishing accidentally published customer data online and suffered a ransomware attack due to inadequate security measures.
Who was affected
The data of 10,793 customers was exposed in the first breach, and about 100 individuals were affected in the ransomware attack.
What the authority found
The Romanian DPA found that Curtea Veche Publishing failed to implement sufficient security measures to protect personal data.
Why this matters
This case underscores the necessity for businesses to have strong data protection measures in place to avoid breaches and potential fines. It serves as a reminder that data security is crucial for maintaining customer trust and compliance with GDPR.
GDPR Articles Cited
The Romanian DPA has imposed a fine of EUR 5,000 on Curtea Veche Publishing SRL. The controller had reported two data breaches to the DPA pursuant to Art. 33 GDPR. In the first data breach, the controller had inadvertently published a file containing the customer database in a public forum. This resulted in the unauthorized disclosure of personal data such as first name, last name, phone number, email, password in encrypted form and IP address of 10,793 customers. The second data breach concerned a ransomware attack that resulted in unauthorized access and loss of integrity as well as availability of personal data of about 100 data subjects. During its investigation, the DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data. This failure to implement protective measures permitted the data breaches to occur.
Related Enforcement Actions (0)
No other enforcement actions found for Curtea Veche Publishing SRL in RO
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
21 September 2022
Authority
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Fine Amount
€5,000
Enforcement Tracker ID
ETid-1436
About this data
Cite as: Cookie Fines. Curtea Veche Publishing SRL - Romania (2022). Retrieved from cookiefines.eu
Last updated: