DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack

Posted on June 1, 2025 by Dissent

The Privacy Guarantor has fined the Order of Psychologists of the Lombardy Region [Ordine degli psicologi della Lombardia]  for 30 thousand euros for not having adopted adequate technical and organizational measures to guarantee data security.

The Guarantor intervened following some complaints and the notification of data breach made by the Order, which declared to have been hit by a sophisticated ransomware attack carried out by a group of cybercriminals. The violation involved the unauthorized access to the Order’s computer network, the encryption and exfiltration of numerous documents containing, in particular, personal data of members of the Register subjected to disciplinary proceedings and of several patients, including minors, and other persons involved in various capacities.

The attack also affected data belonging to special categories, such as those revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, sexual life or orientation, health, as well as data relating to criminal convictions and offences. Therefore, the data subjects were exposed to risks of discrimination, identity theft, fraud, reputational risks and other prejudices in the economic and social sphere.

After the ransom was not paid, the cybercriminals published the exfiltrated data on the dark web. However, the availability and integrity of the personal data were not compromised, and were recovered thanks to the procedures and backup systems.

The investigation by the Guarantor revealed that the Order had not adopted adequate measures to promptly detect violations of personal data and to guarantee the security of the processing systems. The sanction was imposed taking into account the seriousness and particularly sensitive nature of the data involved.

However, the collaboration of the Order was recognized, which communicated that it had adopted additional security measures to prevent future attacks and improve the protection of the personal data processed.

Read more about the ransomware attack by NoEscape in October 2023, the entity’s claims, and investigative results, as well as the required disciplinary measures at PressKit.it.

Category: Health DataNon-U.S.

Post navigation

← Lower Merion School District says a data breach was caused by a computer glitch (1)
Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed →

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.