Denmark
SIRIUS (law firm)
67,200 €
GDPR enforcement action by Danish Data Protection Authority (Datatilsynet) on 2022-07-14.
Rank · Sector
#112
of 322 in Finance, Insurance and Consulting
Rank · Denmark
#10
of 29
Rank · All fines
#603
of 3,042
Case details
- Authority
- Danish Data Protection Authority (Datatilsynet)
- Date
- 2022-07-14
- Controller / Processor
- SIRIUS (law firm)
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Danish DPA has imposed a fine of EUR 67,200 on the law firm SIRIUS. The law firm had suffered a cyber attack in which hackers gained access to the firm's servers and encrypted them. This gave them access to information about the firm's clients and business partners.
During its investigation, the DPA found that the law firm lacked basic security measures, which increased the risk of unauthorized access to client data. The firm's systems, for example, did not contain sufficient verification measures, such as multi-factor logins.
Open original source
Links to the regulator's original publication or another source.
Related fines
Denmark
2022-04-05
1,300,000 €
ETid-1114
Danske Bank
Finance, Insurance and Consulting
Denmark
2025-09-02
200,900 €
ETid-2891
ILVA A/S
Industry and Commerce
Denmark
2019
160,000 €
ETid-21
Taxa 4x35
Transportation and Energy
Denmark
2020-07-28
147,800 €
ETid-361
Arp Hansen Hotel Group A/S
Accomodation and Hospitality
Denmark
2022-06-22
134,000 €
ETid-1241
Gyldendal A/S
Media, Telecoms and Broadcasting
Denmark
2021-09-29
107,000 €
ETid-857
Danish Cancer Society
Health Care