mBank – €940,000 Fine (Poland, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
mBank was fined EUR 940,000 after an employee accidentally sent sensitive customer documents to the wrong person. This incident matters because it shows the importance of handling personal data carefully.
What happened
The Polish DPA fined mBank for a data breach involving the mishandling of customer documents.
Who was affected
Customers whose personal information, including names and account numbers, was included in the mistakenly sent documents.
What the authority found
The DPA found that mBank failed to notify affected customers in a timely manner after the data breach.
Why this matters
This case emphasizes the need for banks and businesses to have strong data protection practices and timely notification procedures in place to protect customer information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Polish DPA has fined mBank EUR 940,000. The bank had suffered a data breach in which an employee of the controller sent documents containing customer data to the wrong recipient. The documents contained information such as names, account numbers, dates of birth and ID card numbers. Although the documents were returned to mBank, the envelope had been opened , meaning that third parties may have had access to the documents. During its investigation, the DPA found that, although the controller informed the DPA of the incident, it failed to notify the data subjects in a timely manner.
Related Enforcement Actions (1)
Other enforcement actions involving mBank in PL
Details
Fine Date
20 August 2024
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€940,000
Enforcement Tracker ID
ETid-2457
About this data
Cite as: Cookie Fines. mBank - Poland (2024). Retrieved from cookiefines.eu
Last updated: