Privacy group fights European Parliament over massive HR data breach POLITICO
p
Employees ID cards birth certificates and medical records were compromised in the breach ppThe European Parliaments headache over a major human resources data breach earlier this year just wont fadeppAustriabased digital rights group noyb on Thursday said it had filed two complaints against the European Union institution for infringing the blocs flagship privacy law the General Data Protection Regulation GDPR over a data breach discovered before the summerppIn June Parliament notified up to 9000 staffers that it had suffered a data breach of its recruitment application PEOPLE which contained staffers ID details birth certificates employment history medical records marriage certificates which revealed sexual orientation and proof of work dating back 10 yearsppFollowing the leak Parliament advised those affected to replace their IDs and passports as a precautionary measure and offered to reimburse the costsppOn Thursday the noyb said it had lodged two complaints with the European Data Protection Supervisor EDPS on behalf of four Parliament employees Both complaints claim that the institution infringed the GDPR given that the breach compromised the confidentiality of personal data the institutions storage practices enabled the breach and it lacked adequate security measures despite known cybersecurity vulnerabilities citing two previously reported articles by POLITICOppBut the first represents a complainant whose sexual orientation was revealed following the leak of a certificate which according to noyb is a special category of datappThis breach comes after repeated cybersecurity incidents in EU institutions over the past year Lorea Mendiguren data protection lawyer at noyb said in a statement The Parliament has an obligation to ensure proper security measures given that its employees are likely targets for bad actorsppThe second alleges that Parliament refused to erase the personal data of a complainant made after the breach even though the complainant hadnt worked at the institution since 2018 which noyb deems unnecessaryppThe breach also shows that just getting rid of personal data in time could likely have limited the impact of the breach Max Schrems noybs cofounder said in a statementppNoyb alleges that the Parliament still doesnt seem to know the cause of the breach and asks the EDPS to use its powers to bring the institutions processing into compliance The rights group also suggests that the EDPS impose an appropriate administrative fine to prevent similar violations in the futureppThe Parliament did not respond to a request for comment in time for publication ppPolice wiretaps show the sprawling global nature of an investigation into Milanbased private detectives and their clients ppOligarchs new party snagged 11 percent of the vote but protesters are crying foulppThe president and former prime minister were among targets of hackers selling highly sensitive datappIn the countrys seventh election since 2021 voter participation remained lowp
Employees ID cards birth certificates and medical records were compromised in the breach ppThe European Parliaments headache over a major human resources data breach earlier this year just wont fadeppAustriabased digital rights group noyb on Thursday said it had filed two complaints against the European Union institution for infringing the blocs flagship privacy law the General Data Protection Regulation GDPR over a data breach discovered before the summerppIn June Parliament notified up to 9000 staffers that it had suffered a data breach of its recruitment application PEOPLE which contained staffers ID details birth certificates employment history medical records marriage certificates which revealed sexual orientation and proof of work dating back 10 yearsppFollowing the leak Parliament advised those affected to replace their IDs and passports as a precautionary measure and offered to reimburse the costsppOn Thursday the noyb said it had lodged two complaints with the European Data Protection Supervisor EDPS on behalf of four Parliament employees Both complaints claim that the institution infringed the GDPR given that the breach compromised the confidentiality of personal data the institutions storage practices enabled the breach and it lacked adequate security measures despite known cybersecurity vulnerabilities citing two previously reported articles by POLITICOppBut the first represents a complainant whose sexual orientation was revealed following the leak of a certificate which according to noyb is a special category of datappThis breach comes after repeated cybersecurity incidents in EU institutions over the past year Lorea Mendiguren data protection lawyer at noyb said in a statement The Parliament has an obligation to ensure proper security measures given that its employees are likely targets for bad actorsppThe second alleges that Parliament refused to erase the personal data of a complainant made after the breach even though the complainant hadnt worked at the institution since 2018 which noyb deems unnecessaryppThe breach also shows that just getting rid of personal data in time could likely have limited the impact of the breach Max Schrems noybs cofounder said in a statementppNoyb alleges that the Parliament still doesnt seem to know the cause of the breach and asks the EDPS to use its powers to bring the institutions processing into compliance The rights group also suggests that the EDPS impose an appropriate administrative fine to prevent similar violations in the futureppThe Parliament did not respond to a request for comment in time for publication ppPolice wiretaps show the sprawling global nature of an investigation into Milanbased private detectives and their clients ppOligarchs new party snagged 11 percent of the vote but protesters are crying foulppThe president and former prime minister were among targets of hackers selling highly sensitive datappIn the countrys seventh election since 2021 voter participation remained lowp
