Østre Toten municipality

€412,000

Insufficient technical and organisational measures to ensure information security

Lēmuma datums

2021. gada 18. oktobris

Iestāde

Norwegian Supervisory Authority (Datatilsynet)

NO

Nozare

Public Sector and Education

Valsts

NO

Likums

GDPR

Statuss

FINAL

Apraksts

The Norwegian DPA has fined Østre Toten municipality EUR 412,000. The municipality suffered a cyberattack in January 2021, as a result of which the municipality's data was encrypted as well as backups were deleted. A larger amount of data was later published on the dark web. Approximately 30,000 documents were affected by the attack. The documents contained, among other things, information on ethnic origin, political opinion, religious beliefs, union memberships, sexual orientation, health status, as well as banking data of the municipality's residents and employees. The DPA's investigation revealed that the municipality had fundamental deficiencies in the security of personal data and related internal controls.Among other things, the municipality had not used two-factor authentication when logging into systems, and lacked appropriate backup systems.

Juridiskās atsauces

Art. 5 (1)Art. 32

Jautājumi un pārkāpumi

Insufficient technical and organisational measures to ensure information security
Skatīt oficiālo dokumentu
Atgriezties pie Naudas sodu datubāzes
Iepriekšējais naudas sods
Italian Data Protection Authority (Garante) - Heal...
Nākamais naudas sods
Data Protection Authority of Hamburg (HmbBfDI) - C...

Atjauniniet informāciju par konfidencialitātes ieviešanu

Mēs respektējam jūsu konfidencialitāti. Viens e-pasts mēnesī, bez surogātpasta, jebkurā laikā varat atteikties no abonēšanas.