government
healthcare
social media
service provider
fine
education
finance
dark web
retail
law enforcement
web
telecoms
travel
manufacturing
phama
operating system
insurance
legal
charity
app
tech
gaming
publishing
transport
utilities
story
hacked
malware
unauthorised access
ransomware
vulnerability
accidental disclosure
phishing
unsecured database
poor security
insider threat
unsecured server
hacked email
lost device
identity theft
website hacked
ddos
stolen documents
Trojans
financial
inside job
spear phishing
RDP
skimming
spyware
cyber attack
privacy
breach notification
security flaw
legislation
poor operations
user credentials
physical security
customer data
third party
Cryptocurrency
enforcement
email hacked
insecure storage
court action
encryption
fraud
VPN
passwords
zero day
3rd parties
state hacking
employee data
remote working
stolen data
Lindstrand Trading AS fined 9,700 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Unknown fined 19,000 Euros for breaching Art. 34 (1), (2) GDPR, Art. 58 (2) e) GDPR - Insufficient fulfilment of data breach notification obligations
Śląski Uniwersytet Medyczny (Medical University of Silesia) fined 5,500 Euros for breaching Art. 33 (1) GDPR, Art. 34 (1) GDPR - Insufficient fulfilment of data breach notification obligations
School principal ordered to pay $3.6M for sharing students’ nude pictures online – Crime Online
Innovasjon Norge fined 95,500 Euros for breaching Art. 5 (1) GDPR, Art. 6 (1) GDPR - Insufficient legal basis for data processing
Vodafone España, S.A.U. fined 54,000 Euros for breaching Art. 5 (1) d), f) GDPR - Non-compliance with general data processing principles
Ticketmaster Pays $10 Million Criminal Fine for Intrusions into Competitor’s Computer Systems
Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. fined 18,930 Euros for breaching Art. 33 (1) GDPR, Art. 34 (1) GDPR - Insufficient fulfilment of data breach notification obligations
Unknown fined 15,000 Euros for breaching Art. 14 (1), (2) GDPR, Art. 12 (3) GDPR, Art. 6 GDPR, Art. 5 (1) c), (2) GDPR, Art. 24 (1), (2) GDPR - Insufficient fulfilment of data subjects rights
Unknown fined 50,000 Euros for breaching Art. 14 (1), (2) GDPR, Art. 12 (1), (2), (3) GDPR, Art. 15 (1) GDPR, Art. 5 (1) c), (2) GDPR, Art. 24 (1), (2) GDPR - Insufficient fulfilment of data subjects rights
Iberdrola Clientes, SAU fined 6,000 Euros for breaching Art. 48 (1) b) LGT, Art. 21 GDPR, Art. 23 (4) LOPDGDD - Insufficient fulfilment of data subjects rights
Banco Bilbao Vizcaya Argentaria, S.A. fined 36,000 Euros for breaching Art. 5 (1) d) GDPR - Non-compliance with general data processing principles
Ordine degli Assistenti Sociali della Regione Lazio fined 2000 Euros for breaching Art. 12 (3), (4) GDPR - Insufficient fulfilment of data subjects rights
Comune di Luino fined 10,000 Euros for breaching Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR, Art. 37 (1) a) GDPR, Art. 37 (7) GDPR - Non-compliance with general data processing principles
Comune di Santo Stefano Belbo fined 4,000 Euros for breaching Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR - Non-compliance with general data processing principles
University College Dublin fined 70,000 Euros for breaching Art. 5 (1) e), f) GDPR, Art. 32 (1) GDPR, Art. 33 (1) GDPR - Insufficient technical and organisational measures to ensure information security
Azienda Unità Sanitaria Locale Toscana Sud Est fined 100,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 28 GDPR, Art. 30 GDPR, Art. 32 GDPR, Art. 35 GDPR - Non-compliance with general data processing principles
Miropass S.r.l. fined 40,000 Euros for breaching Art. 5 (1) a), e) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 28 GDPR - Insufficient legal basis for data processing
Roma Capitale (Rome Municipality) fined 500,000 Euros for breaching Art. 5 (1) a) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 28 (2), (3) GDPR, Art. 32 GDPR - Non-compliance with general data processing principles
ID Finance Poland Sp. z o.o. fined 235,300 Euros for breaching Art. 5 (1) f) GDPR, Art. 25 (1) GDPR, Art. 32 (1) b), d), (2) GDPR - Insufficient technical and organisational measures to ensure information security
Doctor fined 6,000 Euros for breaching Art. 32 GDPR, Art. 33 GDPR - Insufficient technical and organisational measures to ensure information security
Unknown fined 97,150 Euros for breaching Art. 5 (1) c) GDPR, Art. 6 (1) GDPR, Art. 9 (1) GDPR, Art. 12 GDPR - Insufficient legal basis for data processing
Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.) fined 55,400 Euros for breaching Art. 25 (1), (2) GDPR, Art. 32 (1) b) GDPR, Art. 34 (1) GDPR - Insufficient technical and organisational measures to ensure information security
Unknown fined 1,940 Euros for breaching Art. 5 (1) b), c) GDPR, Art. 13 (1) GDPR - Insufficient fulfilment of information obligations
Online Services fined 10,000 Euros for breaching Art. 13 GDPR, Art. 8 (1) GDPR, Art. 6 (1) a) GDPR - Insufficient fulfilment of information obligations
Uppsalahem AB fined 29,500 Euros for breaching Art. 5 GDPR,
Art. 6 (1) f) GDPR - Insufficient legal basis for data processing
Twitter International Company fined 450,000 Euros for breaching Art. 33 (1), (5) GDPR - Insufficient fulfilment of data breach notification obligations
Virgin Mobile Polska fined 443,000 Euros for breaching Art. 5 (1) f), (2) GDPR,
Art. 25 (1) GDPR,
Art. 32 (1) b), d), (2) GDPR - Insufficient technical and organisational measures to ensure information security
Umeå University fined 54,000 Euros for breaching Art. 5 (1) f) GDPR,
Art. 32 (1), (2) GDPR - Insufficient technical and organisational measures to ensure information security
Banco Bilbao Vizcaya Argentaria, S.A. fined 5,000,000 Euros for breaching Art. 6 GDPR, Art. 13 GDPR - Insufficient fulfilment of information obligations
Budapesti Műszaki és Gazdaságtudományi Egyetem (Budapest University of Technology and Economics) fined 22,200 Euros for breaching Art. 5 (1) a), b), c) GDPR, Art. 6 (1) GDPR, Art. 9 (2) GDPR, Art. 12 GDPR, Art. 13 GDPR - Insufficient legal basis for data processing
Borjamotor, S.A. fined 4,000 Euros for breaching Art. 7 GDPR - Insufficient legal basis for data processing
Smart Cities Sp. z o.o. fined 2,850 Euros for breaching Art. 31 GDPR, Art. 58 GDPR - Insufficient cooperation with supervisory authority
TUiR Warta S.A. fined 18,850 Euros for breaching Art. 33 (1) GDPR, Art. 34 (1) GDPR - Insufficient fulfilment of data breach notification obligations
Unknown fined 10,000 Euros for breaching Art. 5 (1) f) GDPR - Non-compliance with general data processing principles
Xfera Moviles S.A. fined 40,000 Euros for breaching Art. 6 (1) GDPR - Insufficient legal basis for data processing
Municipality of Indre Østfold fined 18,840 Euros for breaching Art. 6 GDPR, Art. 32 (1) b) GDPR - Insufficient technical and organisational measures to ensure information security
Capio St. Göran AB fined 2,900,000 Euros for breaching Art. 5 (1) f) GDPR,
Art. 5 (2) GDPR,
Art. 32 (1) GDPR,
Art. 32 (2) GDPR - Insufficient technical and organisational measures to ensure information security
Karolinska University Hospital of Solna fined 390,100 Euros for breaching Art. 5 (1) f) GDPR,
Art. 5 (2) GDPR,
Art. 32 (1) GDPR,
Art. 32 (2) GDPR - Insufficient technical and organisational measures to ensure information security
Sahlgrenska University Hospital fined 341,300 Euros for breaching Art. 5 (1) f) GDPR,
Art. 5 (2) GDPR,
Art. 32 (1) GDPR,
Art. 32 (2) GDPR - Insufficient technical and organisational measures to ensure information security