France’s data protection authority, the CNIL, fined the Association for the Development of Homes 75,000 euros for insufficiently protecting user data. An investigation conducted in June 2017 found a modification of the ADEF’s website URL allowed anyone to view user information, including names, dates of birth, addresses, marital statuses, salaries, tax notices, passports and identity cards. The CNIL informed the ADEF to remedy the leak but found the organization had not addressed the vulnerability after another inspection was conducted a few days later. The agency fined the ADEF for failing to take the proper measures to protect user data under Article 34 of the Computer and Liberties law. (Original article is in French.)
If you want to comment on this post, you need to login.