Under the GDPR, companies that fail to protect your passwords properly (at a minimum by storing them as salted, slow hashes rather than in plaintext, so a leaked database does not hand out working credentials) and that fail to pseudonymize and secure your data correctly can be fined. That is something Knuddels.de recently found out.
Knuddels.de is a German flirting, chatting and social media platform. The network was hacked back in September 2018, and around 808,000 email addresses as well as 1,872,000 pseudonyms and passwords were leaked as a result. The passwords had been stored in plaintext, which is what turned a database dump into a pile of directly usable credentials.
A couple of months later, the Baden-Württemberg data protection authority (LfDI) decided that the company would have to pay a fine of 20,000€. Wait, what? Just 20,000€? That's nothing! Yes, it's not a lot. The GDPR allows for much higher fines: a breach of the security-of-processing duties in Art. 32 can be punished under Art. 83(4) with up to 10 million euros or 2% of worldwide annual turnover, whichever is higher.
The reason for the rather low fine is simple: Knuddels.de reported the leak immediately, communicated everything transparently and, among other things, started working on its IT security. Stefan Brink, the Baden-Württemberg state commissioner for data protection whose office imposed the fine, considered this reason enough not to punish the company too harshly. After all, the network will also have to invest almost a million euros in all the improvements.
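The password-storage failure behind the fine is worth making concrete. The following is an added example written for this page, not code from the post or from Knuddels.de. It shows the minimum a service should do with a password: a fresh random salt per user and a deliberately slow key derivation, so that a dumped credential table yields neither working passwords nor even which users share one. It uses scrypt from Python's standard library so it runs without extra packages; Argon2id through a maintained library would be the usual production choice. The cost parameters, the `scrypt$N$r$p$salt$key` record format and the sample users are assumptions of the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Illustrative scrypt cost parameters (assumed for this example, not from the
# original post). scrypt needs 128 * N * r bytes of memory per hash: 16 MiB
# here. On production hardware raise N until one verification takes ~100 ms.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_LEN = 16
KEY_LEN = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted, slow hash of `password` and return a self-describing
    record: scrypt$N$r$p$<salt b64>$<key b64>. Storing the parameters in the
    record lets you raise the cost later without breaking old records."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per user
    key = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN,
    )
    return "$".join([
        "scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(key).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the parameters found in the record and compare
    in constant time. Malformed records (for instance a leftover plaintext
    column) are rejected instead of being compared as if they were hashes."""
    try:
        algo, n, r, p, salt_b64, key_b64 = stored.split("$")
        if algo != "scrypt":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
        candidate = hashlib.scrypt(
            password.encode("utf-8"), salt=salt,
            n=int(n), r=int(r), p=int(p), dklen=len(expected),
        )
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """True if the record is not a current-strength scrypt record, so the
    password should be re-hashed transparently at the next successful login.
    A plaintext or unknown record always needs upgrading."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return True
    try:
        n, r, p = (int(x) for x in parts[1:4])
    except ValueError:
        return True
    return n < SCRYPT_N or r < SCRYPT_R or p < SCRYPT_P


if __name__ == "__main__":
    # Constructed sample users, not data from the breach.
    plaintext_rows = [("alice", "Sommer2018"), ("bob", "Sommer2018")]
    hashed_rows = [(user, hash_password(pw)) for user, pw in plaintext_rows]
    # Same password, different salts: the two records differ, so a dump does
    # not even reveal that alice and bob share a password.
    print("records differ:", hashed_rows[0][1] != hashed_rows[1][1])
    print("verify correct:", verify_password("Sommer2018", hashed_rows[0][1]))
    print("verify wrong:  ", verify_password("Winter2018", hashed_rows[0][1]))
    # A legacy plaintext value is neither accepted nor silently compared.
    print("plaintext rejected:", not verify_password("Sommer2018", "Sommer2018"))
    print("plaintext needs rehash:", needs_rehash("Sommer2018"))
```

Hashing only limits the damage from a leaked password column: the email addresses and pseudonyms in a dump are exposed regardless, so this is a floor, not a substitute for securing the database itself.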