French telecom companies Free and Free Mobile have been fined a collective €42 million (about $48.8 million) by the CNIL for violations of the General Data Protection Regulation (GDPR) following a significant data breach. The breach, which occurred in October 2024, compromised the personal data of over 24 million individuals, including sensitive financial information like IBANs, The Register reports.

The attack on Free and Free Mobile, subsidiaries of Iliad Group, began on September 28, 2024, with attackers gaining access through the company VPN and exploiting a vulnerability in the MOBO subscriber management tool. This allowed access to customer data for both fixed-line and mobile services, affecting 19,460,891 Free Mobile contracts and 5,172,577 Free contracts.

The CNIL found that the companies failed to implement robust security measures, citing inadequate VPN authentication and ineffective systems for detecting abnormal activity. Furthermore, their data retention policies and breach notification procedures were deemed insufficient.

Source: The Register




