CNIL issues 400K euro fine for GDPR violations

France’s data protection authority, the CNIL, has fined the real estate company Sergic 400,000 euros for violations of the EU General Data Protection Regulation. A complaint received by the CNIL last August alleged users could access documents from other individuals on the site by modifying a URL. The documents contained individuals’ identity cards, tax notices, account statements and other information. An investigation conducted by the DPA found Sergic was aware of the vulnerability since March 2018. The DPA discovered Sergic did not implement any form of user authentication for those who could access the documents, which factored into the decision to penalize the company. (Original article is in French.)
Full Story

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips