mBank – €940,000 Fine (Poland, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Polish DPA has fined mBank EUR 940,000. The bank had suffered a data breach in which an employee of the controller sent documents containing customer data to the wrong recipient. The documents contained information such as names, account numbers, dates of birth and ID card numbers. Although the documents were returned to mBank, the envelope had been opened , meaning that third parties may have had access to the documents. During its investigation, the DPA found that, although the controller informed the DPA of the incident, it failed to notify the data subjects in a timely manner.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Polish DPA has fined mBank EUR 940,000. The bank had suffered a data breach in which an employee of the controller sent documents containing customer data to the wrong recipient. The documents contained information such as names, account numbers, dates of birth and ID card numbers. Although the documents were returned to mBank, the envelope had been opened , meaning that third parties may have had access to the documents. During its investigation, the DPA found that, although the controller informed the DPA of the incident, it failed to notify the data subjects in a timely manner.
Related Enforcement Actions (1)
Other enforcement actions involving mBank in PL
Details
Fine Date
20 August 2024
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€940,000
Enforcement Tracker ID
ETid-2457
About this data
Cite as: Cookie Fines. mBank - Poland (2024). Retrieved from cookiefines.eu
Last updated: