Online store Morele may pay a fine of almost 4 million zlotys for leaking the personal data of more than two million of its customers.
Morele.net is one of the largest and most popular online stores of consumer electronics in Poland. Since 2018, he has been involved in a giant data breach that exposed the sensitive personal data of more than two million of his clients online.
An unexpected turn in the issue of punishment for Morele.net
Due to “insufficient protection of personal data,” the Office for the Protection of Personal Data (UODO) imposed a fine of more than PLN 2.8 million on Morele in 2019. However, this decision was overturned by the Supreme Administrative Court (SAC) last year.
And when it seemed that the company had emerged from serious financial difficulties, the Office of Personal Data Protection again conducted administrative proceedings regarding the leak and imposed an even larger fine on the company.
In the second trial, officials argued that while a hack on a store’s website contributed to the data breach, it likely would not have occurred if not for the fact that the popular e-commerce platform did not have adequate security measures in place to protect it from such a breach. attacks.
As it turned out, the administrator responsible for the security of the store’s customers did not encrypt some of the data, did not use appropriate authentication, and did not analyze the risk associated with the ability to log into the platform through public networks.
All this allegedly contributed to unauthorized access to the store’s systems, resulting in a huge leak of personal data of more than 2.2 million people.
The fine for Morele.net amounted to almost 4 million zlotys
In the second explanatory process, the Personal Data Protection Service imposed an even larger fine on Morele.net than before, amounting to more than PLN 3.8 million.
A UODO representative explained in an interview with Rzeczpospolita that the amount of the fine was determined based on the recommendations of the European Data Protection Board, which clearly define the rules for calculating administrative fines.
Will the owners of the Morele.net store be forced to pay a record fine this time? As lawyer Jakub Vezgraj explained in an interview with the newspaper, the path to a final resolution of this case is still long, since now it can go to the Voivodeship Administrative Court, and then again to the Supreme Administrative Court.
I have been working as a news website writer for over 10 years. I have also authored several books on technology news. I am highly knowledgeable in the field of technology and enjoy sharing my insights with others. I am an active user of LinkedIn and use it to connect with other professionals in my field. I am always interested in learning new things and sharing my knowledge with others.