
Not really. That links to a list of all enforcement actions.

If you search for "technical" you get "organisational and technical measures", and most are organisational rather than technical.

If you search by the word "hack", which seems to be the usual terminology used there for vulnerabilities being exploited, there are 18 of these of 2182 entries. Not even one per EU country since 2018. Given how common data breaches are it is a tiny number.

Most of them do not give details, but those that do suggest the fines are levied only in extreme cases (for example allowing unauthenticated internet access to medical data: https://www.enforcementtracker.com/ETid-1015 ) or for certain types of failure (e.g. not having MFA). Most do not give details.

It's better than I thought, but still far too little, and in all the cases where any details are given it is for only a very narrow range of failures.



The search function isn't that good, "Insufficient technical and organisational measures to ensure information security" are basically all data leaks.

Here's a few famous ones, most of which are of course a few years old since government agencies tend to move slow but more recent ones will get what's coming for them.

https://www.theguardian.com/technology/2022/nov/28/meta-fine...

https://ico.org.uk/media/action-weve-taken/mpns/2618524/marr...

https://en.wikipedia.org/wiki/British_Airways_data_breach#Co...

https://www.bbc.com/news/technology-54931873


Yes, but, as I said, a lot of them are organisational data leaks due to people's actions, not due to technical flaws.

The news stories are more encouraging. Thanks.



