POST Online Media Lite Edition


France fined Slimpay €180,000 for failing to inform of data breach

Christian Fernsby |
On December 28, 2021, the CNIL's restricted committee issued Slimpay a fine of €180,000 for insufficiently protecting users' personal data and failing to inform them of a data breach.

Article continues below

Topics: FRANCE   

Slimpay is an authorised payment institution that offers recurring payment solutions to its customers. During 2015, it conducted an internal research project, during which it processed personal data contained in its databases.

When the research project ended in July 2016, the data remained stored on a server, without any security procedures and freely accessible from the Internet. Slimpay wasn’t aware of the data breach, which affected approximately 12 million people, until February 2020.

The CNIL carried out an investigation on the company SLIMPAY in 2020. It found several breaches concerning the processing of personal data of customers.

On the basis of these elements, the restricted committee - the CNIL body responsible for issuing sanctions - effectively considered that the company had failed to comply with several GDPR requirements.

Since the data subjects concerned by the breach were located in several European Union countries, the CNIL cooperated with the supervisory authorities of four countries (Germany, Spain, Italy and the Netherlands).

At the end of this process, the restricted committee imposed a fine of €180,000 and decided to make its decision public.

The CNIL considered that, given the nature of the personal data (including bank details), the number of people affected (more than 12 million), the possibility of identifying the people affected by the breach from the accessible data and the possible consequences for the people concerned (risk of phishing or identity theft), the risk associated with the breach should be considered high.

Therefore, the company should have informed all affected individuals, which it did not do.

What to read next

Major U.S. airlines fined for providing inaccurate information
South Korean Airlines ordered to pay fines, pilots suspended
Mexico fines taxi companies for consumer abuse