The German data regulator has fined the telecoms giant 1&1 almost €10 million for not taking sufficient measures to prevent unauthorised access to customer data.
The company has been punished because it failed to take measures to adequately protect the data of its customers, meaning extensive customer information could be accessed by just providing the name and date of birth.
The lack of protections for customer data constituted a violation of Article 32 of the General Data Protection Regulation (GDPR), according to the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
The Federal Commissioner Ulrich Kelber explained the €9,550,000 fine was a clear sign the data regulator would enforce the protection of fundamental rights under GDPR, and that due consideration was taken in the decision.
Despite the severity of the fine, BfDI also noted that 1&1 was transparent and cooperative during the investigation.
To rectify its processes, the telecoms giant first introduced new authentication steps, before unveiling plans to roll out an authentication procedure with significantly stronger barriers to accessing data.
The BfDI said the fine could have been much higher had 1&1 representatives not been as cooperative as they were during the investigation. The infringement, moreover, was limited to just a handful of customers, despite all customers being at risk.
RELATED RESOURCE
Understanding the must-haves of modern data protection
Go beyond traditional backup and recovery
The data regulator added it would be investigating the customer authentication procedures of rival telecoms companies as a result of its findings.
The agency has been active in recent months, having previously issued a €14.5 million fine against a housing giant for hanging onto the personal and financial data of former and current tenants longer than necessary.
The fines have been adding up since GDPR came into effect in May 2018, but are blown out of the water when compared with the multi-million-pound penalties issued against the likes of BA and Marriot.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
Data sovereignty a growing priority for UK enterprisesNews Many firms view data sovereignty as simply a compliance issue
-
Elevating compliance standards for MSPs in 2025Industry Insights The security landscape is set to change significantly in the years to come with new regulations coming into effect next year, here's how the channel needs to adapt
-
How ready is your company for NIS2?Supported Content The EU’s latest cybersecurity legislation raises the stakes for enterprises and IT leaders - and ensuring compliance can be a daunting task
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Conquering technology risk in bankingWhitepaper Five ways leaders can transform technology risk into advantage
-
Advancing your risk management maturityWhitepaper A roadmap to effective governance and increase resilience
-
When banking works, the world worksWhitepaper Five ways automated processes can drive revenue and growth across your bank
-
Automating digital resiliency in bankingWhitepaper Prioritize investment in solutions that mitigate a lack of digital resiliency when disruptions strike
