DataBreaches.Net


French watchdog fines Bouygues 250,000 euros for data security breach

Posted on December 27, 2018 by Dissent

Reuters reports that the CNIL has fined the Parisian telecom, but they don’t provide any real details as to what happened. But here’s a translation, via Google, of the CNIL’s press release:

In March 2018, the CNIL received a report informing it of the existence of a security incident which led to making freely accessible the personal data of customers of the B & You brand, held by BOUYGUES TELECOM. In the following days, the latter notified the data breach to the CNIL.

A check was made in the premises of the operator. This check confirmed the existence of a vulnerability allowing access to contracts and invoices of B & You customers by simply modifying a URL address on the BOUYGUES TELECOM website. This security flaw has impacted the data of more than two million B & You customers for more than two years. 

After being informed, the operator quickly corrected the vulnerability and the personal data of the customers were no longer freely accessible.

The restricted training of the CNIL imposed a financial penalty of 250 000 euros, considering that the company had breached its obligation to ensure the security of the personal data of users of its site, in accordance with Article 34 of the law Informatique et Libertés.

Restricted training found that the security defect originated in the failure to reactivate on the site, after a test phase, the authentication function in the customer area which had been deactivated for the sole purpose of these tests. However, it considered that it was up to the company to be particularly vigilant as to the effectiveness of its authentication mechanism, given its choice not to put in place additional security measures.


The restricted training took into account the high reactivity of the operator in the resolution of the security incident as well as the numerous measures put in place by the company to limit its consequences.


The sanction imposed by the restricted training concerns facts that took place entirely before the entry into force of the European regulation on the protection of personal data.


Category: Business Sector, Commentaries and Analyses, Non-U.S., Of Note
