The UODO punished Virgin Mobile Polska with a high fine. All because of leakage of sensitive customer data

Source: Pure PC added 15th Dec 2020

  • the-uodo-punished-virgin-mobile-polska-with-a-high-fine.-all-because-of-leakage-of-sensitive-customer-data

Virgin Mobile Polska was fined by the Office for Personal Data Protection for insufficient security of the IT system, the purpose of which was to manage the personal data of customers. While the amount may seem high to the average bread eater, it is actually very small. We are talking about PLN 1.9 million, which will reduce the operator’s budget. To be precise – the penalty will be paid by the new owner of the telecom, the Play network. Violet took over the aforementioned entity for the amount of PLN 59 million zlotys with all its luggage, and thus along with the risk of a penalty related directly to the data leakage taking place in mid-December last year . Here are the details of the case.

Although it will soon be a year since the disclosure of the leakage of Virgin Mobile Polska customers’ data, only now we learn about the amount of the fine imposed on the operator. We check the decision of the President of the Personal Data Protection Office.

Metadata and data – a treasure trove of knowledge about us and our habits

UODO informed about the imposition of an administrative fine on the Virgin Mobile Polska network operator. The amount of the fine is PLN 1.9 million. According to the Office for Personal Data Protection, the gravity and scale of the violations are sufficient reasons to apply this form of punishment. The choice of an alternative solution could be perceived as disproportionate. Today Play is responsible for the payment of a specific fee, as the purple operator of mobile telephony and network services took over the said entity for the amount of 59 million zlotys. UODO has clarified the details of the leakage of sensitive data such as identity card numbers, PESEL numbers and names.

The Powerbank can infect your smartphone with a Trojan. How to defend yourself?

All through the system responsible for the processing of personal data of prepaid card users who registered numbers. The verification of the correctness of the information transfer was not properly tested, so no vulnerability to obtaining data by an unauthorized entity was detected. After the incident, measures were taken to protect the said element of infrastructure, but this does not change the fact that Virgin Mobile Polska did not take appropriate precautionary measures. There was even a risk of user identity theft at stake.

Source: UODO