Allium UPI
€3,000,000
Insufficient technical and organisational measures to ensure information security
決定日期
2025年9月5日
權限
Estonian Data Protection Authority (AKI)
EE
部門
Industry and Commerce
國家
EE
法律
GDPR狀態
FINAL說明
The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.
問題與違規
Insufficient technical and organisational measures to ensure information security