Allium UPI
€3,000,000
Insufficient technical and organisational measures to ensure information security
决定日期
2025年9月5日
权力
Estonian Data Protection Authority (AKI)
EE
部门
Industry and Commerce
国家
EE
法律
GDPR现状
FINAL说明
The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.
问题与违规
Insufficient technical and organisational measures to ensure information security