government healthcare social media service provider fine education finance dark web retail law enforcement web telecoms travel manufacturing phama operating system insurance legal charity app tech gaming transport publishing utilities
story hacked malware unauthorised access ransomware vulnerability accidental disclosure phishing unsecured database poor security insider threat unsecured server hacked email lost device identity theft website hacked ddos stolen documents Trojans financial inside job spear phishing RDP skimming spyware
cyber attack privacy breach notification security flaw legislation poor operations user credentials physical security customer data third party Cryptocurrency enforcement email hacked insecure storage court action encryption fraud VPN passwords zero day state hacking 3rd parties employee data remote working stolen data

Banco Bilbao Vizcaya Argentaria S.L. fined 6,670 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 21 GDPR - Insufficient legal basis for data processing
Vodafone España, S.A.U. fined 75,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Iberia Lineas Aereas de Espana, S.A. Operadora Unipersonal fined 20,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 21 GDPR - Insufficient legal basis for data processing
Vodafone España, S.A.U. fined 50,000 Euros for breaching Art. 5 GDPR - Non-compliance with general data processing principles
Vodafone España, S.A.U. fined 60,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Vodafone España, S.A.U. fined 75,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Xfera Moviles S.A. fined 60,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Comune di Colledara fined 4,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Facebook Settles Facial Recognition Lawsuit for $550 Million
Accounting firm fined 1,450 Euros for breaching Art. 24 GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Sapienza Università di Roma fined 30,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Azienda Ospedaliero Universitaria Integrata di Verona (Hospital) fined 30,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Google hit with £44m GDPR fine over ads
Community of Francavilla Fontana fined 10,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
TIM (telecommunications operator) fined 27,800,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR, Art. 21 GDPR, Art. 32 GDPR - Insufficient legal basis for data processing
Equifax Settles Mega-Breach Lawsuit for $1.38 Billion
Zhang Bordeta 2006, S.L. (Store and Restaurant) fined 3,600 Euros for breaching Art. 5 GDPR - Non-compliance with general data processing principles
Allseas Marine S.A. fined 15,000 Euros for breaching Art. 5 (1) a), (2) GDPR - Non-compliance with general data processing principles
eShop for Sports (M.L. PRO.FIT SOLUTIONS LTD) fined 1,000 Euros for breaching Art. 6 GDPR - Insufficient legal basis for data processing
Social Insurance Services of the Ministry of Labor, Welfare and Social Insurance fined 9,000 Euros for breaching Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Public healthcare cluster NHG fined $6,000 for not securing personal data
Texas school district loses $2.3 million from phishing scam
Vodafone España, S.A.U. fined 3,000 Euros for breaching Art. 58 GDPR - Insufficient cooperation with supervisory authority
DSG Retail Ltd fined £500,000 by the ICO
Asociación de Médicos Demócratas fined 10,000 Euros for breaching Art. 6 GDPR - Insufficient legal basis for data processing
EDP Comercializadora, S.A.U. fined 75,000 Euros for breaching Art. 6 GDPR - Insufficient legal basis for data processing
EDP España S.A.U. fined 75,000 Euros for breaching Art. 6 GDPR - Insufficient legal basis for data processing
Vodafone España, S.A.U. fined 44,000 Euros for breaching Art. 5 (1) f) GDPR - Non-compliance with general data processing principles
West Georgia Ambulance Company Pays $65,000 to Settle Allegations of Longstanding HIPAA Noncompliance
Canada's broadcasting agency fines company behind the Orcus malware
Aegean Marine Petroleum Network Inc. fined 150,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Website providing legal information fined 15,000 Euros for breaching Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR - Insufficient fulfilment of information obligations
Nursing Care Organisation fined 2000 Euros for breaching Art. 12 GDPR, Art. 15 GDPR, Art. 17 GDPR - Insufficient fulfilment of data subjects rights
Doorstep Dispensaree Ltd. (Pharmacy) fined 320,000 Euros for breaching Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Nusvar AB fined 35,000 Euros for breaching Art. 6 GDPR - Insufficient legal basis for data processing
Eni Gas e Luce fined 3,000,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Eni Gas e Luce fined 8,500,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR, Art. 21 GDPR - Insufficient legal basis for data processing
Unknown Company fined 1,430 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 24 GDPR, Art. 25 GDPR - Non-compliance with general data processing principles
Shop Macoyn, S.L. fined 5,000 Euros for breaching Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Rapidata GmbH fined 10,000 Euros for breaching Art. 37 GDPR - Lack of appointment of data protection officer