[BreachExchange] OTP's Bulgarian unit fined for data breach affecting over 33,000 clients

Destry Winant destry at riskbasedsecurity.com
Thu Aug 29 01:14:10 EDT 2019


SOFIA (Reuters) - Bulgaria’s DSK Bank, a unit of Hungary’s OTP Group,
has been fined 1 million levs ($569,930) for a data breach that
affected over 33,000 clients, the country’s Commission for Personal
Data Protection said on Wednesday.

The personal data watchdog said the full names, addresses, copies of
ID cards as well as bank account numbers and property deed data of
33,492 people who have taken loans from the bank had been improperly
disclosed and accessed by third parties.

Personal data of loan guarantors, spouses and contracting parties that
were part of over 23,000 loan dossiers had also been breached.

The Commission launched a probe into the leak after DSK said in June
it had been approached by a Bulgarian former convict who claimed to
have a database with personal details of its clients.

DSK said at the time it had carried out internal checks that showed
the bank’s systems had not been hacked, suggesting any leak of data
would have occurred through other illegal means.

“DSK Bank was fined by the Commission for Personal Data Protection
over a non-digital data theft carried against it,” the bank said in a
statement. “DSK Bank accepts the fine and cooperates with the
authorities to further improve its personal data protection measures.”

The Commission said it fined the bank for failing to introduce proper
technical and organizational measures to guarantee the confidentiality
of clients’ personal data at all times.
