Bulgaria's Commission for Personal Data Protection fined local lender DSK Bank 1 million Bulgarian levs over a data breach that affected 33,492 customers.
The regulator said that customers' personal information, including names, personal identification numbers, addresses, tax and health documents were all compromised. Additionally, personal data of loan guarantors, spouses and contracting parties, which were part of 23,270 credit records, were breached by third parties.
The watchdog said DSK Bank failed to implement appropriate technical and organizational measures to guarantee protection and confidentiality of client data.
DSK Bank said it was fined by the data commission over a "non-digital data theft carried against it," Reuters reported, citing a statement of the bank. The lender said it accepts the regulator's fine and is cooperating with authorities to further improve its information protection systems.
The watchdog began an investigation into the breach after DSK Bank informed it in June of an approach by a former Bulgarian convict, who claimed to possess a database of personal details of the bank's clients. DSK Bank said internal checks showed that its systems were not breached and that the hack may have occurred through other illicit methods.
DSK Bank is a wholly owned unit of Hungary's OTP Bank Nyrt.
As of Aug. 28, US$1 was equivalent to 1.76 Bulgarian levs.
