Administrative fine of 865,000 euros imposed by the Finnish Data Protection Authority on Aktia Bank for security deficiencies in its strong electronic authentication service
The National Center for Personal Data Protection (NCPDP), for information and guidance purposes, communicates the administrative fine of 865,000 euros imposed by the Finnish Data Protection Authority (SA) on Aktia Bank for violating Article 5 (Principles relating to processing of personal data), Article 25 (Data protection by design and by default) and Article 32 (Security of processing) of the GDPR.
Aktia Bank’s strong electronic authentication service suffered an outage caused by a technical change in January 2023. During the short outage, some people who logged into various services using Aktia Bank’s online banking credentials gained access to the personal data of other customers, because the service confused the identities of the users it was authenticating. The security breach affected various public services, unemployment funds, insurance companies, and healthcare providers. Many of these services hold highly confidential information, such as health and financial data. Approximately 350 people were affected. To date, no misuse of this data has been reported.
The investigation highlighted deficiencies in the design and implementation of the technical change, insufficient testing of the new system, and the lack of adequate change management. More extensive testing and the use of standard methods could have prevented the incident.
In this context, the Finnish SA imposed an administrative fine of EUR 865,000 on the controller for failure to comply with the requirements of data protection legislation regarding the secure processing of personal data and data protection by design and by default. A reprimand was also issued.
NCPDP, as the national supervisory authority for the processing of personal data, emphasizes the responsibility of controllers to comply with the legislative framework on the protection of personal data and to ensure that their personal data processing operations comply with the legislation in force.