In an unprecedented case, a German telecommunications provider has collected a record fine in the millions - Vodafone has to pay a full 45 million euros for serious data protection violations. It is the highest fine of its kind ever imposed by a German supervisory authority.
What happened? External sales partners, who were supposed to acquire new customers on behalf of Vodafone, apparently manipulated contracts in a fraudulent manner. Affected users thought they were on favourable tariff models - but in the end they received bills with significantly higher costs in some cases. Vodafone had neglected to monitor these partner companies - an omission that was penalised with a fine of 15 million euros alone.
But that was just the tip of the iceberg. Criminals gained access to customer data by intercepting passwords - either through classic phishing attacks or by faking false identities. In this way, they were able to take over so-called eSIM profiles via the customer hotline - with potentially fatal consequences. In theory, it would have been possible to gain access to online banking accounts and initiate transfers. So far, there is no evidence of any concrete damage, but this massive IT security leak cost Vodafone a further 30 million euros.
Vodafone has accepted the penalties without protest and has already paid the amount. In addition, voluntary donations in the millions were made to organisations that campaign for data protection, digital education and the fight against cyberbullying.
The Federal Data Protection Commissioner saw the proceedings as a signal that data protection in Germany is by no means ineffective.
Source: https://www.dr-datenschutz.de