1&1 Telecom GmbH

€9.6M($10.3M USD)final

Date Issued

2019-12-09

Regulation

GDPR

Authority

The Federal Commissioner for Data Protection and Freedom of Information (BfDI)

Country

Germany

Violation Type

Failure to implement sufficient measures to ensure information security

Currency

EUR

Violation Summary

The telecom company 1&1 Telecom GmbH was fined with €9,550,000 after it came to light that sensitive customer information could be obtained by phone by anyone by just telling a client’s name and date of birth. This could have permitted anyone to obtain the personal information of any customer in case they knew their name and date of birth. The BfDI considered that the company failed to implement the necessary technical measures to ensure the protection of personal data. The BfDI further revealed that the fine was intended to be much larger but was eventually decreased due to the cooperation of the company during the investigation.

Articles Violated

Art. 32 GDPR
View Source Document →

Related Headlines

1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre - Bitdefender

Bitdefender · 10/25/2024

German Court cuts multimillion GDPR fine by 90% - Data Protection Report

Data Protection Report · 11/17/2020

Internet provider faces big GDPR fine for lax call centre checks - BBC

BBC · 12/11/2019

Internet provider faces big GDPR fine for lax call centre checks - BBC

BBC · 12/11/2019

€9.55 million GDPR fine for 1&1 Telecom in Germany - Data Privacy Manager

Data Privacy Manager · 12/11/2019

Other Fines for 1&1 Telecom GmbH

DateRegulationAmount (USD)Type
2020-11-11GDPR$972,000Failure to implement sufficient measures to ensure information security
2019-12-09GDPR$10,314,000Failure to implement sufficient measures to ensure information security