DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack

Posted on June 1, 2025 by Dissent

The Privacy Guarantor has fined the Order of Psychologists of the Lombardy Region [Ordine degli psicologi della Lombardia]  for 30 thousand euros for not having adopted adequate technical and organizational measures to guarantee data security.

The Guarantor intervened following some complaints and the notification of data breach made by the Order, which declared to have been hit by a sophisticated ransomware attack carried out by a group of cybercriminals. The violation involved the unauthorized access to the Order’s computer network, the encryption and exfiltration of numerous documents containing, in particular, personal data of members of the Register subjected to disciplinary proceedings and of several patients, including minors, and other persons involved in various capacities.

The attack also affected data belonging to special categories, such as those revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, sexual life or orientation, health, as well as data relating to criminal convictions and offences. Therefore, the data subjects were exposed to risks of discrimination, identity theft, fraud, reputational risks and other prejudices in the economic and social sphere.

After the ransom was not paid, the cybercriminals published the exfiltrated data on the dark web. However, the availability and integrity of the personal data were not compromised, and were recovered thanks to the procedures and backup systems.

The investigation by the Guarantor revealed that the Order had not adopted adequate measures to promptly detect violations of personal data and to guarantee the security of the processing systems. The sanction was imposed taking into account the seriousness and particularly sensitive nature of the data involved.

However, the collaboration of the Order was recognized, which communicated that it had adopted additional security measures to prevent future attacks and improve the protection of the personal data processed.

Read more about the ransomware attack by NoEscape in October 2023, the entity’s claims, and investigative results, as well as the required disciplinary measures at PressKit.it.

Category: Health DataNon-U.S.

Post navigation

← Lower Merion School District says a data breach was caused by a computer glitch (1)
Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (1)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.