Allium UPI
€3,000,000
Insufficient technical and organisational measures to ensure information security
תאריך ההחלטה
5 בספטמבר 2025
סמכות
Estonian Data Protection Authority (AKI)
EE
סקטור
Industry and Commerce
מדינה
EE
חוק
GDPRסטטוס
FINALתיאור
The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.
בעיות והפרות
Insufficient technical and organisational measures to ensure information security