SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years

SlimPay, a Paris-based subscription payment services company, has been fined €180,000 by the French CNIL regulatory body after it was found to have held sensitive customer data on a publicly accessible server for five years. The firm describes itself as a leader in recurring payments for subscriptions, and provides an API and …

  1. ShadowSystems

    Another useless fine.

    118K fine for over 12 million victims means each victim was only worth 0.0098333. Oh yes, I can see how such a massive fine will cause them to tremble in fear lest it happen again.

    Or, more likely, the C-level officers will shake the money out of petty change, give the regulator TheFinger, & carry on fucking folks over with impunity.

    Unless that fine is per day, per victim, & personally, criminally, financially unable to be erased via bankruptcy, payable by said execs, they won't care, won't notice, & won't even break stride before doing it again.

    1. Inventor of the Marmite Laser Silver badge

      Re: Another useless fine.

      Yes, it's pathetic. 0.2p per person per year is probably less than the interest on the money down the back of the sofa.

    2. tiggity Silver badge

      Re: Another useless fine.

      Yeah, came to post just that, a farcically tiny fine, not even a slap on the wrist, more a gentle caress.

    3. Fred Flintstone Gold badge

      Re: Another useless fine.

      That's not a fine, that's an encouragement.

  2. Snowy Silver badge
    Facepalm

    The way it is done in Europe

    Big on the laws; while the UK would enforce them somewhat correctly, some places just pay lip service to it. Here we have a French company not being fined by the French. Colour me surprised!

    Yes I did vote to remain, not going to change it by leavening it.

    1. JimboSmith Silver badge

      Re: The way it is done in Europe

      Once again Yes Minister is there.

      "The Germans will love it, the French will ignore it and the Italians and the Irish will be too chaotic to enforce it. Only the British will resent it."

      They were talking about the European Identity Card but still. Oh and the Irish actually do give a fig given what they want to fine Facebork.

  3. Anonymous Coward

    'To its credit'?

    C'mon El Reg,

    I don't think any credit is due to them.

    I'm a bit perplexed why you would big them up for belatedly doing something (after they were notified) that they should have actioned years earlier.

    Maybe just me, and probably why I don't write for money and just spaff out comments on here!

    Happy New Year to all BTW.

    Cheers!

  4. Anonymous Coward

    Live data in a test environment?

    *facepalm*

    1. Strahd Ivarius Silver badge
      Trollface

      Re: Live data in a test environment?

      https://www.commitstrip.com/en/2021/12/07/we-all-do-it-right/?setLocale=1

  5. Arthur Daily

    Using Production Data

    Is a fireable offense: contracts terminated immediately if Visa or MC catch one of their processors doing it. Military also loves to have whiz-bang contractors packing TS USB sticks to test classification software. Tax departments spend big bucks on sanitized pseudo-production data, costing millions each year. Then there are 5 audits in a row, five annual reports that missed this. That should amount to five fines and the sacking of whatever tame in-pocket company is doing their reports. I would say many sites casually break this rule, at least 40%. Why? Because people who know data - once called data administrators - are extinct as a species, or cower under pressure. Plus someone trusted has to convert the production data - in a dedicated environment with loads of storage and sort CPU cycles. That expense is also shunned. In all, the fine is a pittance, and they saved buckets of money. Nothing has been learned. Now they will apply for an authorized exception.

  6. Cynical Pie

    Surprised the penalty is so low...

    As the CNIL have a habit of being one of the more robust DP regulators when it comes to amounts.

    It's a wholly expected sum if it was the ICO but unusual for mainland European regulators.

  7. spireite Silver badge

    That fine is taking the piss, surely...

    While many places I worked in have used production data on UAT or PreProd, it does at least get run through an anonymiser/scrambler
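The anonymiser/scrambler step that the comment above and Arthur Daily's post refer to, as an added example that is not part of this thread or of any company's code: a consistent, format-preserving pseudonymisation of the IBAN and name fields in a constructed mandate export, plus a check that no production IBAN survives into the test copy. The key, the field names and the sample rows are all constructed for the example.

```python
import hashlib
import hmac

# Constructed key for this example; in a real pipeline it stays outside the test environment.
PSEUDONYM_KEY = b"example-key-not-for-production"

# Constructed sample rows, shaped like a recurring-payment mandate export.
SAMPLE_ROWS = [
    {"customer": "Alice Martin", "iban": "FR7630006000011234567890189", "amount": "9.99"},
    {"customer": "Bob Dupont", "iban": "DE89370400440532013000", "amount": "4.50"},
    {"customer": "Alice Martin", "iban": "FR7630006000011234567890189", "amount": "9.99"},
]

def _mod97(s):
    # ISO 7064 mod 97-10: letters A-Z become 10-35, then take the integer mod 97.
    return int("".join(str(int(c, 36)) for c in s)) % 97

def validate_iban(iban):
    """True if the IBAN's check digits are consistent with its country code and BBAN."""
    return _mod97(iban[4:] + iban[:4]) == 1

def pseudonymise_iban(iban):
    """Replace the BBAN with HMAC-derived digits of the same length, under the same
    country code, with freshly computed check digits. Deterministic per input, so
    repeated rows for one account still join up in the test data."""
    country, bban = iban[:2], iban[4:]
    digest = hmac.new(PSEUDONYM_KEY, iban.encode(), hashlib.sha256).digest()
    fake_bban = str(int.from_bytes(digest, "big"))[:len(bban)]  # ~77 digits available
    check = f"{98 - _mod97(fake_bban + country + '00'):02d}"
    return country + check + fake_bban

def pseudonymise_name(name):
    # Keyed hash, truncated: stable per customer, not reversible without the key.
    tag = hmac.new(PSEUDONYM_KEY, name.encode(), hashlib.sha256).hexdigest()[:8]
    return f"Customer {tag}"

def scrub(rows):
    """Return a test-safe copy: identifiers replaced, non-identifying fields kept."""
    return [{**r, "customer": pseudonymise_name(r["customer"]),
             "iban": pseudonymise_iban(r["iban"])} for r in rows]

def leaked_ibans(production_rows, scrubbed_rows):
    """Production IBANs still present anywhere in the scrubbed output; must be empty."""
    blob = "".join(str(v) for r in scrubbed_rows for v in r.values())
    return sorted({r["iban"] for r in production_rows if r["iban"] in blob})

if __name__ == "__main__":
    out = scrub(SAMPLE_ROWS)
    for row in out:
        print(row)
    print("leaked production IBANs:", leaked_ibans(SAMPLE_ROWS, out))
```

The leak check is the part worth keeping in a real pipeline: it is what turns "we ran the scrambler" into evidence that the test copy contains no live bank details.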

  8. sitta_europea Silver badge

    "Please note as well that in 2021, we acquired a level 1 PCI DSS (Payment Card Industry Data Security Standard) certification, the highest level, in terms of banking details."

    I suppose this tells you most of what you need to know about the Payment Card Industry Data Security Standard.
