DSK Bank fined for data breach affecting over 33,000 clients
Bulgaria’s DSK Bank, a unit of Hungary’s OTP Group, has been fined BGN1 million ($569,930) for a data breach that affected over 33,000 clients, according to the country’s Commission for Personal Data Protection on 28 August.
The personal data watchdog states that the full names, addresses, copies of ID cards as well as bank account numbers and property deed data of 33,492 people who have taken loans from the bank had been improperly disclosed and accessed by third parties.
Personal data of loan guarantors, spouses and contracting parties that were part of over 23,000 loan dossiers had also been breached.
A Reuters report notes that the Commission launched a probe into the leak after DSK mentioned that it had been approached by a Bulgarian former convict who claimed to have a database with personal details of its clients in June.
DSK pointed that it had carried out internal checks at the time that showed the bank’s systems had not been hacked, suggesting any leak of data would have occurred through other illegal means.
“DSK Bank was fined by the Commission for Personal Data Protection over a non-digital data theft carried against it,” says the bank in a statement. “DSK Bank accepts the fine and cooperates with the authorities to further improve its personal data protection measures.”
The Commission has fined the bank for failing to introduce proper technical and organisational measures to guarantee the confidentiality of clients’ personal data at all times.