https://datenschutz-hamburg.de/assets/pdf/28._Taetigkeitsbericht_Datenschutz_2019_HmbBfDI.pdf

€20K($22K USD)final

Date Issued

2019-01-01

Regulation

GDPR

Authority

Data Protection Authority of Hamburg

Country

Germany

Violation Type

Failure to implement sufficient measures to ensure information security

Currency

EUR

Violation Summary

HVV GmbH had not reported a data breach to the data protection authority in due time. This data breach was related to the security gap in the Customer E-Service, in that that clients with an HVV card who logged in the CES could access the data of other customers by changing the URL to match their data profile.

Articles Violated

Art. 33 GDPRArt. 34 GDPR
View Source Document →

Other Fines for https://datenschutz-hamburg.de/assets/pdf/28._Taetigkeitsbericht_Datenschutz_2019_HmbBfDI.pdf

DateRegulationAmount (USD)Type
2019-01-01GDPR$21,600Failure to implement sufficient measures to ensure information security