News about leaked data can be found online every other day – it’s basically an epidemic by now. Even worse: there is almost nothing you can do about it. So you probably have to live with your data being out there and crafty cybercriminals having access to it, free to use it for whatever sinister purpose they want. Until now, nothing much even happened to the companies that leaked your data.
The latter might have changed, though. Under the GDPR, companies that do not ensure that your passwords are at least encrypted (which makes it slightly better if they are leaked, right?) and that your data is anonymized and secured correctly can be fined. That’s something Knuddels.de had to find out recently.
20,000€ fine for almost 2 million lost passwords
Knuddels.de is a German flirting / chatting / social media channel. The network was hacked back in September and around 808,000 email addresses as well as 1,872,000 pseudonyms and passwords were leaked as a result.
Now, a couple of months later, a German court decided that the company would have to pay a fine of 20,000€. Wait, what? Just 20,000€? That’s nothing! Yes, it’s not a lot. The GDPR actually allows for much higher fines.
The reason for the rather low fine is simple: Knuddels.de immediately reported the leak, communicated everything transparently and, among other things, started working on its IT security. Stefan Brink, the data protection officer involved in the case, thinks that this is reason enough not to punish them too harshly. After all, the network will also have to invest almost a million euros into all the improvements.