
1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre

Graham CLULEY

December 11, 2019

1&1 Telecom GmbH has been hit with one of the largest fines dished out so far under European GDPR legislation, Germany’s federal privacy watchdog has announced.

1&1 has been fined €9.55 million (US $10.6 million) by Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI), after the telecoms company was found to have not taken sufficient measures in its call centre to prevent unauthorised parties from accessing customer data.

The BfDI says that it became aware that anyone could obtain extensive personal information on 1&1’s customers simply by calling the customer care department and giving a name and date of birth.

The BfDI ruled that 1&1 was, therefore, in violation of article 32 of the GDPR legislation, by failing to take appropriate technical and organisational measures to protect the handling of personal data.

The German data protection agency determined that, although the number of affected customers was small, a fine was necessary because 1&1’s entire customer base was at risk.

The fine could have been higher, but the BfDI took into account that 1&1 took steps to improve things in its call centre – by asking for additional information to verify the identity of individuals – when its inadequate security was brought to its attention. The company also says it will be introducing a new authentication system that it hopes will significantly improve the protection of data.

The BfDI says that it has since opened investigations into other telecoms providers to see if they are similarly failing to properly protect customers’ private information.

Compared to other GDPR fines related to more significant breaches – such as the £183 million penalty imposed on British Airways, and the £99 million fine on Marriott International – 1&1 has got away relatively lightly.

But few companies of its size will be happy paying a fine of almost 10 million Euros, and we can only hope that other businesses will heed the headlines and ensure that they have proper technology and procedures in place to avoid the risk of their own customers having their private details exposed to unauthorised parties.

Update: This story has been updated to point out that the telecom part of 1&1 GmbH has been affected, not its web-hosting services.
