Cosmote – €9,100,000 Fine (Greece, 2021)
The Hellenic Data Protection Authority fined Cosmote €9.1 million after a data breach exposed personal information of millions of subscribers. The breach occurred due to a cyber attack on Cosmote's server, revealing sensitive data like phone numbers and call details. This case highlights the importance of strong data protection measures for telecom companies.
What happened
Cosmote experienced a data breach that exposed a 30 GB file containing personal data of millions of subscribers due to a cyber attack.
Who was affected
Millions of Cosmote subscribers whose personal data, such as phone numbers and call details, were exposed in the breach.
What the authority found
The Hellenic Data Protection Authority found Cosmote violated GDPR by failing to adequately protect personal data and placing cookies before obtaining consent.
Why this matters
This case underscores the critical need for telecom companies to implement robust data protection strategies. It also serves as a warning about the consequences of inadequate data security and the importance of obtaining user consent before processing personal data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Entities Involved
The case involved a data breach due to a cyber attack, unrelated to cookie or consent violations.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Cosmote in GR
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
30 November 2021
Authority
Hellenic Data Protection Authority
Fine Amount
€9,100,000
GDPRhub ID
gdprhub-4584About this data
Cite as: Cookie Fines. Cosmote - Greece (2021). Retrieved from cookiefines.eu
Last updated: