Details:
Summary: | NAIH imposed a fine of HUF 11,000,000 (EUR 34,375) on an undisclosed Hungarian political party for failing to notify the NAIH and relevant individuals about a data breach, and failing to document the breach according to GDPR Article 33.5. As mandated by law, the fine was based on 4% of the party’s annual turnover and 2.65% of its anticipated turnover for the coming year. The breach was the result of a cyber attack by an anonymous hacker who accessed and disclosed information on the vulnerability of the organisation’s system – a database of more than 6,000 individuals – and the command used for the attack. The system was vulnerable to attack because of a redirection problem with the organisation’s webpage. After the attacker published the command, even people with low IT knowledge were able to retrieve information from the database. |
Related articles: | Art. 33 (1) GDPR, Art. 33 (5) GDPR, Art. 34 (1) GDPR |
Type: | Insufficient fulfilment of data breach notification obligations |
Fine: | EUR 34,375 |
Sector: | Public Sector and Education |
All data is based on the CMS Law GDPR Enforcement Tracker. Source: https://www.enforcementtracker.com/