GreeceData Protection Authority ('HDPA') issued Decision No. 4/2022 at the beginning of the year, which regulated the Hellenic Telecommunications Organization SA,OTE The Group was fined €3,250,000 for violating Article 32 of the General Regulations. Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), in relation to user callsdata breachafter the data breach.
background to the decision
In particular, the HDPA outlined that Cosmote Mobile Telecommunications SA reported the data breach to the HDPA and submitted various documents as required, leading to the conclusion that OTE Group should be involved in the investigation of the incident, particularly with regard to the security measures implemented. Additionally, the HDPA noted that the data breach involved the exfiltration of user call data between September 1, 2020, and September 5, 2020, which was stored in Cosmote’s servers and transferred from the servers to IP belonging to the Lithuanian hosting provider address. Additionally, the HDPA detailed that, following Comoste's investigation, it was discovered that at the same IP address, a website hosted in the OTE Group's infrastructure washackerInvasion. Specifically,
HDPA’s findings
The HDPA found that since both Cosmote and OTE Group were responsible for determining technical and organizational security measures, OTE Group violated Article 32(1) of the GDPR.
result
As a result of the above violations, the HDPA imposed a fine of €3,250,000 on OTE.
Original article by Chief Security Officer, if reproduced, please credit https://www.cncso.com/en/ote-group-fined-e3-2-million-for-data-breach.html
