GreeceData Protection Authority ('HDPA') issued Decision No. 4/2022 at the beginning of the year, which regulated the Hellenic Telecommunications Organization SA,OTE The Group was fined €3,250,000 for violating Article 32 of the General Regulations. Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), in relation to user callsdata breachafter the data breach.
background to the decision
In particular, the HDPA outlined that Cosmote Mobile Telecommunications SA reported the data breach to the HDPA and submitted various documents as required, which led to the conclusion that the OTE Group should have been involved in the investigation of the incident, in particular with regard to the security measures implemented. In addition, the HDPA stated that the data breach involved the leakage of subscriber call data for the period from September 1, 2020 to September 5, 2020, which was stored on Cosmote's servers and transferred from the servers to IP addresses belonging to Lithuania's hosting service provider. Additionally, the HDPA details that, based on Comoste's investigation, it was discovered that websites hosted on OTE Group's infrastructure were hacked in the same IP address. Specifically.
HDPA’s findings
The HDPA found that since both Cosmote and OTE Group were responsible for determining technical and organizational security measures, OTE Group violated Article 32(1) of the GDPR.
result
As a result of the above violations, the HDPA imposed a fine of €3,250,000 on OTE.
Original article by Chief Security Officer, if reproduced, please credit https://www.cncso.com/en/ote-group-fined-e3-2-million-for-data-breach.html
