Bulgaria
National Revenue Agency
2,600,000 €
GDPR enforcement action by Data Protection Commision of Bulgaria (KZLD) on 2019-08-28.
Rank · Sector
#5
of 357 in Public Sector and Education
Rank · Bulgaria
#1
of 31
Rank · All fines
#113
of 3,051
Case details
- Authority
- Data Protection Commision of Bulgaria (KZLD)
- Date
- 2019-08-28
- Controller / Processor
- National Revenue Agency
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
Leakage of personal data in a hacking attack due to inadequate technical and organisational measures to ensure the protection of information security. It was found that personal data concerning about 6 million persons was illegally accessible.
Open original source
Links to the regulator's original publication or another source.
Related fines
Bulgaria
2019-08-28
511,000 €
ETid-72
DSK Bank
Finance, Insurance and Consulting
Bulgaria
2022-05-04
500,000 €
ETid-1832
Bulgarian Post EAD
Transportation and Energy
Bulgaria
2019-09-03
28,100 €
ETid-140
National Revenue Agency
Public Sector and Education
Bulgaria
2019-02-26
27,100 €
ETid-7
Telecommunication service provider
Media, Telecoms and Broadcasting
Bulgaria
2022
12,800 €
ETid-1831
Political party
Individuals and Private Associations
Bulgaria
2023-01-26
12,800 €
ETid-2882
Political Party
Individuals and Private Associations