Advanced Computer Software Group Ltd
€3,500,000
Insufficient technical and organisational measures to ensure information security
Sprendimo priėmimo data
2025 m. kovo 26 d.
Institucija
Information Commissioner (ICO)
GB
Sektorius
Health Care
Šalis
GB
Teisė
GDPRStatusas
FINALAprašymas
The UK DPA (ICO) has fined Advanced Computer Software Group Ltd £3.07 million (EUR 3.5 million) for insufficient IT security (infringiment of Art. 32 (1) UK GDPR). The controller failed to implement appropriate technical and organisational measures to protect personal data. A ransomware attack in August 2022 allowed hackers to access systems of a health subsidiary via a customer account that lacked multi-factor authentication. As a result, the personal data of 79,404 individuals was put at risk.
Teisinės citatos
Art. 32 (1)
Problemos ir pažeidimai
Insufficient technical and organisational measures to ensure information security