1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre
1&1 Telecom GmbH has been hit with one of the largest fines dished out so far under European GDPR legislation, Germany’s federal privacy watchdog has announced.
1&1 has been fined €9.55 million (US $10.6 million) by Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI), after the telecoms company was found to have not taken sufficient measures in its call centre to prevent unauthorised parties from accessing customer data.
The BfDI says that it became aware that anyone could obtain extensive personal information on 1&1’s customers simply by calling the customer care department and giving a name and date of birth.
The BfDI ruled that 1&1 was, therefore, in violation of article 32 of the GDPR legislation, by failing to take appropriate technical and organisational measures to protect the handling of personal data.
The German data protection agency determined that, although the number of affected customers was small, a fine was necessary because 1&1’s entire customer base was at risk.
The fine could have been higher, but the BfDI took into account that 1&1 took steps to improve things in its call centre – by asking for additional information to verify the identity of individuals – when its inadequate security was brought to its attention. The company also says it will be introducing a new authentication system that it hopes will significantly improve the protection of data.
The BfDI says that it has since opened investigations into other telecoms providers to see if they are similarly failing to properly protect customers’ private information.
Compared to other GDPR fines related to more significant breaches – such as the £183 million penalty imposed on British Airways, and the £99 million fine on Marriott International – 1&1 has got away relatively lightly.
But few companies of its size will be happy paying a fine of almost 10 million Euros, and we can only hope that other businesses will heed the headlines and ensure that they have proper technology and procedures in place to avoid the risk of their own customers having their private details exposed to unauthorised parties.
Update: This story has been updated to point out that the telecom part of 1&1 GmbH has been affected, not its web-hosting services.