The French company was fined on 28 May 2019 for failure to comply with its obligation to maintain the security of and to limit the storage of personal data. This fine is the most significant financial penalty imposed on a French company for data breaches to date, as it represents close to 1% of the yearly turnover of the fined company.
The investigation conducted by the CNIL on the Sergic website showed that any user could access documents and files stored by other users in their personal spaces, by slightly changing the URL address displayed in the browser. These documents included copies of ID cards, death and marriage certificates, banking information, as well as very sensitive information such as copies of health cards and social insurance cards.
Failure to maintain the security of personal data has become one of the heaviest risks for French companies since the entry into force of the GDPR. The CNIL's recently published activity report states that the CNIL received 1,170 data breach notifications in 2018, compared to approximately 100 notifications in 2017.