Ireland
University of Limerick
98,000 €
GDPR enforcement action by Data Protection Authority of Ireland on 2025-12-10.
Rank · Sector
#45
of 357 in Public Sector and Education
Rank · Ireland
#22
of 36
Rank · All fines
#494
of 3,050
Case details
- Authority
- Data Protection Authority of Ireland
- Date
- 2025-12-10
- Controller / Processor
- University of Limerick
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 30 (1) GDPR, Art. 32 (1) GDPR, Art. 33 (1) GDPR, Art. 34 (1) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Irish DPA has imposed a fine of EUR 98,000 on the Universtiy of Limerick. The controller suffered multiple data breaches resulting from successful phishing attacks, which gave the attackers access to multiple employee accounts. The attackers gained access to the personal data stored in the accounts and were able to successfully divert emails to hidden folders. The controller also failed to adequately record processing activities and fulfil information obligations regarding the data breaches.
Open original source
Links to the regulator's original publication or another source.
Related fines
Ireland
2023-05-12
1,200,000,000 €
ETid-1844
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2025-05-02
530,000,000 €
ETid-2584
TikTok Technology Limited
Media, Telecoms and Broadcasting
Ireland
2022-09-05
405,000,000 €
ETid-1373
Meta Platforms, Inc.
Media, Telecoms and Broadcasting
Ireland
2023-01-04
390,000,000 €
ETid-1543
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2023-09-01
345,000,000 €
ETid-2032
TikTok Limited
Media, Telecoms and Broadcasting
Ireland
2024-10-24
310,000,000 €
ETid-2469
LinkedIn
Media, Telecoms and Broadcasting