Skip to content
Enforcement
EN

ACTIVE ASSURANCES (car insurer): Insufficient technical and organisational measures to ensure information security

€180,000 fine - French Data Protection Authority (CNIL)

€180,000 Fine
ACTIVE ASSURANCES (car insurer)
FRANCE
Insufficient technical and organisational measures to ensure information security

Content

Large amount of customer accounts, clients' documents (including copies of driver's licences, vehicle registration, bank statements and documents to determine whether a person had been the subject of a licence withdrawal) and data were easily accesible online. The CNIL, between others, critizised the password management (unauthorized access was possible without any authentication).

GDPR Articles: Art. 32 GDPR
Industry: Finance, Insurance and Consulting