Iceland Iceland

InfoMentor ehf

23,100 €

GDPR enforcement action by Icelandic data protection authority ('Persónuvernd') on 2021-04-29.

Rank · Sector
#145
of 595 in Industry and Commerce
Rank · Iceland
#10
of 22
Rank · All fines
#994
of 3,042

Case details

Authority
Icelandic data protection authority ('Persónuvernd')
Date
2021-04-29
Controller / Processor
InfoMentor ehf
Sector
Industry and Commerce
Quoted Articles
Art. 32 (1) b), d) GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

The Icelandic DPA (Persónuvernd) has imposed a fine of EUR 23,100 on InfoMentor ehf. Previously, the controller had reported a data breach according to Art. 33 GDPR. The incident concerned the company's online system, which is mainly used by schools and other institutions for communication and information purposes. In the course of its investigations, the DPA determined that inadequate technical and organizational security measures on the part of the controller led to the breach. Due to a security leak that resulted in the six-digit system number of each user being visible in the URL address of a specific page within the mentor system, unauthorized persons gained access to the personal data of 424 children.

Open original source Links to the regulator's original publication or another source.

Related fines

Iceland
Iceland
2023-06-27
257,000 €
ETid-1952
Creditinfo Lánstraust hf.
Finance, Insurance and Consulting
Iceland
Iceland
2023-07-03
81,000 €
ETid-1940
Heilsuveru
Health Care
Iceland
Iceland
2021-11-23
51,000 €
ETid-916
Icelandic Ministry of Industry and Innovation
Public Sector and Education
Iceland
Iceland
2023-06-27
51,000 €
ETid-1948
eCommerce 2020 ApS
Finance, Insurance and Consulting
Iceland
Iceland
2022-05-03
36,000 €
ETid-1154
City of Reykjavík
Public Sector and Education
Iceland
Iceland
2025-02-17
34,300 €
ETid-2602
Primary Health Care in the Capital Area
Health Care
Back to all fines