A Bulgarian Bank, DSK, part of the Hungarian OTP Group has been fined 1 million levas ($569,930) for a data breach that affected over 33,000 clients. The information was announced by the country’s Commission for Personal Data Protection on Wednesday, 28th of August.
Apparently the full names, addresses, copies of ID cards as well as bank account numbers and property deed data of 33,492 people who have taken loans from the bank had been improperly disclosed and accessed by third parties. What is more, the personal information of loan guarantors, spouses and contracting parties that were part of over 23,000 loan dossiers had also been breached.
DSK explain to the Regulator that back in June it was approached by a Bulgarian former convict who claimed to have a database with personal details of its clients. As a result the Commission launched a probe into the leak.
DSK began carrying out internal checks that showed the bank’s systems had not been hacked, suggesting any leak of data would have occurred through other illegal means.
“DSK Bank was fined by the Commission for Personal Data Protection over a non-digital data theft carried against it,” the bank said in a statement. “DSK Bank accepts the fine and cooperates with the authorities to further improve its personal data protection measures.”
The Commission said it fined the bank for failing to introduce proper technical and organisational measures to guarantee the confidentiality of clients’ personal data at all times.