On 8 September 2020, the Romanian DPA announced a fine of EUR 2,000 was imposed on a data controller providing communication services in health care industry for failure to ensure the security of data. The investigation was carried out following a data breach notification
While organizing an online event, the login data of some individuals were transmitted by mistake to other e-mail addresses than those used to create an account into the platform, which led to unauthorized disclosure and access to data.
The full press release is available here (only in Romanian).
