The French data protection authority, the CNIL, has fined Optical Center 250,000 euros after a “significant data leak” was discovered. An investigation by the DPA found it was able to access customer information belonging to Optical Center after entering several different URLs. The information included names, addresses, health data and, in some cases, national identity numbers. The CNIL investigation found Optical Center’s website did not have a proper method to verify customers before they could access their invoices. The DPA made its decision based on the sensitivity of the information and the fact more than 334,000 records were compromised in the breach. (Original article is in French.)
If you want to comment on this post, you need to login.