Telecom KPN fined €364k over 2012 customer data hack
The Authority Consumer and Market gave KPN a fine of 364 thousand euros in December 2013 for inadequately securing the systems in which customers' personal information are stored.
The ACM launched an investigation after a hacker broke into the KPN network in January 2012. ACM wanted to determine how KPN secures its customers' personal data. The investigation showed that that prior to the hack, KPN had insufficient security on the systems and ACM issued the fine. KPN quickly brought the security of its networks in order after the hack.
ACM is only announcing the fine now because KPN had appealed against it at the court in Rotterdam. On January 8th the court of Rotterdam ruled that the fine was justified. KPN then turned to the Board of Trade and Industry, which ruled on the case on June 1st. According to ACM, this ruling made it possible to publish the penalty and the appeal decision.
"Customers make their personal information available to telecom companies in order to use their services. They do so in the confidence that these companies will handle their data carefully and properly protect it." said ACM board member Anita Vegter. "If this happens insufficiently, like in the case with KPN, it harms the consumer confidence in the telecom market. This is an undesirable situation which we act against."