government healthcare social media service provider fine education finance dark web retail law enforcement web telecoms travel manufacturing phama operating system insurance legal charity app tech gaming publishing transport utilities
story hacked malware unauthorised access ransomware vulnerability accidental disclosure phishing unsecured database poor security insider threat unsecured server hacked email lost device identity theft website hacked ddos stolen documents Trojans financial inside job spear phishing RDP skimming spyware
cyber attack privacy breach notification security flaw legislation poor operations user credentials physical security customer data third party Cryptocurrency enforcement email hacked insecure storage court action encryption fraud VPN passwords zero day 3rd parties state hacking employee data remote working stolen data

Lindstrand Trading AS fined 9,700 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Unknown fined 19,000 Euros for breaching Art. 34 (1), (2) GDPR, Art. 58 (2) e) GDPR - Insufficient fulfilment of data breach notification obligations
Śląski Uniwersytet Medyczny (Medical University of Silesia) fined 5,500 Euros for breaching Art. 33 (1) GDPR, Art. 34 (1) GDPR - Insufficient fulfilment of data breach notification obligations
School principal ordered to pay $3.6M for sharing students’ nude pictures online – Crime Online
Innovasjon Norge fined 95,500 Euros for breaching Art. 5 (1) GDPR, Art. 6 (1) GDPR - Insufficient legal basis for data processing
Vodafone España, S.A.U. fined 54,000 Euros for breaching Art. 5 (1) d), f) GDPR - Non-compliance with general data processing principles
Ticketmaster Pays $10 Million Criminal Fine for Intrusions into Competitor’s Computer Systems
Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. fined 18,930 Euros for breaching Art. 33 (1) GDPR, Art. 34 (1) GDPR - Insufficient fulfilment of data breach notification obligations
Unknown fined 15,000 Euros for breaching Art. 14 (1), (2) GDPR, Art. 12 (3) GDPR, Art. 6 GDPR, Art. 5 (1) c), (2) GDPR, Art. 24 (1), (2) GDPR - Insufficient fulfilment of data subjects rights
Unknown fined 50,000 Euros for breaching Art. 14 (1), (2) GDPR, Art. 12 (1), (2), (3) GDPR, Art. 15 (1) GDPR, Art. 5 (1) c), (2) GDPR, Art. 24 (1), (2) GDPR - Insufficient fulfilment of data subjects rights
Iberdrola Clientes, SAU fined 6,000 Euros for breaching Art. 48 (1) b) LGT, Art. 21 GDPR, Art. 23 (4) LOPDGDD - Insufficient fulfilment of data subjects rights
Banco Bilbao Vizcaya Argentaria, S.A. fined 36,000 Euros for breaching Art. 5 (1) d) GDPR - Non-compliance with general data processing principles
Ordine degli Assistenti Sociali della Regione Lazio fined 2000 Euros for breaching Art. 12 (3), (4) GDPR - Insufficient fulfilment of data subjects rights
Comune di Luino fined 10,000 Euros for breaching Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR, Art. 37 (1) a) GDPR, Art. 37 (7) GDPR - Non-compliance with general data processing principles
Comune di Santo Stefano Belbo fined 4,000 Euros for breaching Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR - Non-compliance with general data processing principles
University College Dublin fined 70,000 Euros for breaching Art. 5 (1) e), f) GDPR, Art. 32 (1) GDPR, Art. 33 (1) GDPR - Insufficient technical and organisational measures to ensure information security
Azienda Unità Sanitaria Locale Toscana Sud Est fined 100,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 28 GDPR, Art. 30 GDPR, Art. 32 GDPR, Art. 35 GDPR - Non-compliance with general data processing principles
Miropass S.r.l. fined 40,000 Euros for breaching Art. 5 (1) a), e) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 28 GDPR - Insufficient legal basis for data processing
Roma Capitale (Rome Municipality) fined 500,000 Euros for breaching Art. 5 (1) a) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 28 (2), (3) GDPR, Art. 32 GDPR - Non-compliance with general data processing principles
ID Finance Poland Sp. z o.o. fined 235,300 Euros for breaching Art. 5 (1) f) GDPR, Art. 25 (1) GDPR, Art. 32 (1) b), d), (2) GDPR - Insufficient technical and organisational measures to ensure information security
Doctor fined 6,000 Euros for breaching Art. 32 GDPR, Art. 33 GDPR - Insufficient technical and organisational measures to ensure information security
Unknown fined 97,150 Euros for breaching Art. 5 (1) c) GDPR, Art. 6 (1) GDPR, Art. 9 (1) GDPR, Art. 12 GDPR - Insufficient legal basis for data processing
Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.) fined 55,400 Euros for breaching Art. 25 (1), (2) GDPR, Art. 32 (1) b) GDPR, Art. 34 (1) GDPR - Insufficient technical and organisational measures to ensure information security
Unknown fined 1,940 Euros for breaching Art. 5 (1) b), c) GDPR, Art. 13 (1) GDPR - Insufficient fulfilment of information obligations
Online Services fined 10,000 Euros for breaching Art. 13 GDPR, Art. 8 (1) GDPR, Art. 6 (1) a) GDPR - Insufficient fulfilment of information obligations
Uppsalahem AB fined 29,500 Euros for breaching Art. 5 GDPR, Art. 6 (1) f) GDPR - Insufficient legal basis for data processing
Twitter International Company fined 450,000 Euros for breaching Art. 33 (1), (5) GDPR - Insufficient fulfilment of data breach notification obligations
Virgin Mobile Polska fined 443,000 Euros for breaching Art. 5 (1) f), (2) GDPR, Art. 25 (1) GDPR, Art. 32 (1) b), d), (2) GDPR - Insufficient technical and organisational measures to ensure information security
Umeå University fined 54,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 32 (1), (2) GDPR - Insufficient technical and organisational measures to ensure information security
Banco Bilbao Vizcaya Argentaria, S.A. fined 5,000,000 Euros for breaching Art. 6 GDPR, Art. 13 GDPR - Insufficient fulfilment of information obligations
Budapesti Műszaki és Gazdaságtudományi Egyetem (Budapest University of Technology and Economics) fined 22,200 Euros for breaching Art. 5 (1) a), b), c) GDPR, Art. 6 (1) GDPR, Art. 9 (2) GDPR, Art. 12 GDPR, Art. 13 GDPR - Insufficient legal basis for data processing
Borjamotor, S.A. fined 4,000 Euros for breaching Art. 7 GDPR - Insufficient legal basis for data processing
Smart Cities Sp. z o.o. fined 2,850 Euros for breaching Art. 31 GDPR, Art. 58 GDPR - Insufficient cooperation with supervisory authority
TUiR Warta S.A. fined 18,850 Euros for breaching Art. 33 (1) GDPR, Art. 34 (1) GDPR - Insufficient fulfilment of data breach notification obligations
Unknown fined 10,000 Euros for breaching Art. 5 (1) f) GDPR - Non-compliance with general data processing principles
Xfera Moviles S.A. fined 40,000 Euros for breaching Art. 6 (1) GDPR - Insufficient legal basis for data processing
Municipality of Indre Østfold fined 18,840 Euros for breaching Art. 6 GDPR, Art. 32 (1) b) GDPR - Insufficient technical and organisational measures to ensure information security
Capio St. Göran AB fined 2,900,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR - Insufficient technical and organisational measures to ensure information security
Karolinska University Hospital of Solna fined 390,100 Euros for breaching Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR - Insufficient technical and organisational measures to ensure information security
Sahlgrenska University Hospital fined 341,300 Euros for breaching Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR - Insufficient technical and organisational measures to ensure information security