Details:

Summary Leakage of personal data in a hacking attack due to inadequate technical and organisational measures to ensure the protection of information security. It was found that personal data concerning about 6 million persons was illegally accessible.
Link: link
Related articles:  Art. 32 GDPR
Type: Insufficient technical and organisational measures to ensure information security
Fine: EUR 2,600,000
Sector Public Sector and Education

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law