Confirmation of a Fine to Twitter due to Data Breach Notification by DPC
The Irish Data Protection Commission (“DPC”) imposed an administrative fine on Twitter International Company due to a data breach notification. The Dublin Circuit Court confirmed this fine on 18th of October, 2021.
The Inquiry was commenced in January 2019 following receipt of a breach notification from Twitter.
The breach, which occurred at TIC’s processor, Twitter Inc., was related to a bug whereby if a Twitter user with a protected account, using Twitter for Android, changed their email address, their account would become unprotected.
Twitter had to have notified the breach at the latest by 3 January 2019 to DPC. Twitter notified on 8 January 2019 the DPC of the personal data breach. The decision found that Twitter infringed Articles 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to DPC and a failure to adequately document the breach.
Twitter was imposed a €450,000 administrative fine due to the infringements.
You can reach the full text here.