Maynooth University: Insufficient technical and organisational measures to ensure information security

The Irish DPA has imposed a fine of EUR 40,000 on Maynooth University. The controller failed to implement adequate technical and organisational measures, resulting in an unauthorised third party gaining access to multiple employees' email accounts, which the third party then used for fraudulent purposes.

GDPR Articles: Art. 5 (1) f) GDPR, Art. 32 (1) GDPR, Art. 33 (1) GDPR
Industry: Public Sector and Education