The project is implemented within the framework of the ERAF Technology Transfer Program.
The aim of the project is to digitize and improve the effectiveness of data protection services for SMEs, significantly reducing their costs.

Data breach fairy tale

November 14, 2020 at 1:31 pm

In 2018 the biggest Polish online retailer, Morele.net (founded in 2000), lost the data of 2.2 million customers, including names, email and delivery addresses, and telephone numbers. On September 19, 2019 it was fined 660,000 EUR, the highest fine in Poland we have heard of until this moment. The Polish data protection authority (UODO) identified poor monitoring of potential threats and slow reaction to unusual behaviour. Additionally, Morele.net was not able to demonstrate customer consent where it should have.

According to ENISA, 60% of companies that suffer a cyber attack stop operations within 6 months of the attack. For smaller entities this happens even faster. Morele, for its part, has since 2018 taken strategic actions to rebuild, strengthen and improve its infrastructure security:

- two-step verification when changing the email address and phone number assigned to the user's account;

- changing the hashing method and hashing sensitive data;

- expanding the monitoring of internal systems;

- additional anti-bot verification.

At the beginning of 2019, customers received access to the morele.net application, and for the changes introduced in the field of visual communication on the website, the company received a nomination for the prestigious Mobile Trends Awards 2018 in the category "mobile or RWD website" for the redesign of the mobile website and in the stores belonging to the company.

It has risen from the ashes, kept afloat and already announced an appeal against the UODO decision.

And this is not only Morele's story. There are still online retailers that have not grasped the importance of protecting the data their customers entrust to them. It is they who are responsible for pro-active interest and activity towards privacy, security and protection by default, and not the consumer, who is considered to be responsible for assessing the retailer. There is a category of consumers who are not well aware of internet life and its rules; retailers know it and shall be responsible for those people's safety. If one does not want to learn the hard way, this is another good practical example which should effectively discourage violating personal data protection provisions in future.

Author: Marina Briškena, DPO
