Windows 10 News and info | Forum
Author Topic: First GDPR Sanction in Germany Fines Flirty Chat Platform EUR 20,000  (Read 24 times)
javajolt
« on: November 23, 2018, 06:27:19 PM »

Following a hack that resulted in leaking about 808,000 email addresses and over 1.8 million usernames and passwords, a social network website in Germany received a fine of EUR 20,000 from the Baden-Württemberg Data Protection Authority.

In July this year, flirty chat platform Knuddels.de suffered a data breach and the information stolen from its servers was published online in clear form. A member of the staff said at the time that the incident affected all users that had an account with the service or a username for the chat platform on July 20, 2018.

According to a post from another team member, 330,000 of the leaked email addresses were verified, and once Knuddels learned of the leaks (one on Pastebin, another on Mega cloud storage service), it improved security measures, alerted the users and reset their passwords.

It was later discovered that the website did not apply any form of protection for sensitive information such as passwords and stored them in plain text.

Sanctions under GDPR consider multiple aspects

If you think that we made a typo about the penalty to be paid and it is missing a zero, it is not. To remove all confusion, converted to other currencies, the fine incurred by Knuddels.de is $23,000, or around £18,000.

This is the first penalty in Germany under the European Union General Data Protection Regulation (GDPR), which entered into force in May this year.

Depending on the level of the infringement, the GDPR provides for fines of up to EUR 20 million or "4% of the annual revenue of the prior fiscal year, whichever is higher."

Calculating the penalty also takes into account the number of people impacted, the nature of the infringement, mitigation actions, preventative measures, cooperation with the supervisory authority, transgression record, and notification of the data protection enforcer.

GDPR fine achieved its goal

It appears that Knuddels.de checked almost all the boxes for a more lenient penalty, but failed to comply with data security norms specified by Article 32, letter a) of the GDPR regarding pseudonymization and encryption of users' personal data.

The German Data Protection Authority says that Knuddels.de showed exemplary transparency and cooperation, and was quick to implement security upgrades.

Stefan Brink, the State Commissioner for the Baden-Württemberg Data Protection and Freedom of Information (LfDI), says that the organization he runs is not interested in entering a competition for the highest possible fines because the end goal is to improve privacy and data security for the users.

Knuddels may seem to have gotten away with a slap on the wrist, but they did have to act fast to mitigate the security faults and ensure minimum impact on its users. These actions occurred over the course of a few weeks, which is no small feat. Furthermore, the company agreed to implement additional security measures in coordination with the LfDI.

When you draw the line, Knuddels.de was forced into an unplanned improvement of its security posture, adding to a significant overall financial burden.

« Last Edit: November 23, 2018, 06:55:00 PM by javajolt » Logged


