A French company has incurred a fine of 250,000 euros for a significant data leak that might have exposed customers’ sensitive personal information.

On 7 June, France’s data privacy regulatory body, the Commission nationale de l’informatique et des libertés (CNIL), published a statement about a data leak of which it learned in July 2017. An English translation of the notice revealed that the security incident affected the website of a French company called Optical Center:

“An on-site inspection was carried out on the premises of OPTICAL CENTER, during which [the company] acknowledged that [its] website did indeed have a security defect. In this case, the site www.optical-center.fr did not include functionality to verify that a customer is properly connected to his personal space (“customer area”) before displaying his invoices. It was therefore relatively simple to access documents from another client of the company.”

Those documents contained customers’ names, physical addresses, medical data and in some cases their Social Security Numbers.

At the time of discovery, 334,000 documents were available in Optical Center’s database.
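The defect CNIL describes, invoices displayed without verifying that the requester is logged in to the customer area, is shown here beside a corrected handler and a regression check. This is an added example, not Optical Center's code; the invoice data, function names and session lifetime are constructed for illustration.

```python
import secrets
import time

# Constructed sample data: invoice id -> (owner customer id, document body).
INVOICES = {
    1001: ("cust-a", "Invoice 1001 for customer A"),
    1002: ("cust-b", "Invoice 1002 for customer B"),
}
SESSIONS = {}  # session token -> (customer id, expiry timestamp)
SESSION_TTL = 900  # seconds; assumed value


def login(customer_id, now=None):
    """Issue an unguessable session token (password check omitted here)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (customer_id, now + SESSION_TTL)
    return token


def invoice_unchecked(invoice_id):
    """The flawed pattern: the invoice id alone selects the document."""
    record = INVOICES.get(invoice_id)
    return (200, record[1]) if record else (404, "not found")


def invoice_checked(token, invoice_id, now=None):
    """Require a live session, then require that the session owns the invoice."""
    now = time.time() if now is None else now
    session = SESSIONS.get(token)
    if session is None or session[1] <= now:
        SESSIONS.pop(token, None)  # drop expired tokens
        return (401, "login required")
    record = INVOICES.get(invoice_id)
    # Same 404 for "missing" and "not yours", so ids cannot be probed.
    if record is None or record[0] != session[0]:
        return (404, "not found")
    return (200, record[1])


def cross_customer_leaks(handler):
    """Regression check: list (customer, invoice id) pairs served to a non-owner."""
    leaks = []
    for customer in sorted({owner for owner, _ in INVOICES.values()}):
        token = login(customer)
        for invoice_id, (owner, _) in INVOICES.items():
            if owner != customer and handler(token, invoice_id)[0] == 200:
                leaks.append((customer, invoice_id))
    return leaks
```

Running `cross_customer_leaks` against every document endpoint in a test suite catches this class of defect before release.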
The European Union’s General Data Protection Regulation (GDPR) was not in effect at the time CNIL learned of the security incident. But the data leak did violate applicable French law.

Afterwards, CNIL imposed a fine of 250,000 euros. That penalty reflects Optical Center’s need to restrict invoice access to a reserved space, along with the company having received another sanction of 50,000 euros for another security defect discovered in 2015.

CNIL made its decision in spite of the fact that Optical Center approached its website provider to remediate the security incident on the same day the Commission alerted it.

Ultimately, CNIL went public with the fine due to the sensitivity of the information exposed, the number of clients potentially compromised and the total volume of documents available on Optical Center’s website.

Given the arrival of GDPR, companies everywhere need to strive to protect themselves against data leaks. Here are some best practices organizations can implement over the next year.