Enforcement
EN GENPACT ROMANIA SRL: Insufficient technical and organisational measures to ensure information security
€10,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Content
The Romanian DPA has imposed a fine of EUR 10,000 on GENPACT ROMANIA SRL. The controller suffered a successful cyber attack due to insufficient technical and organisational measures. The attacker was able to exploit vulnerabilities in some passwords and in the way user accounts' authentication could be reset.
GDPR Articles: Art. 32 (1) b), (2) GDPR
Industry: Finance, Insurance and Consulting