Last fall, Free suffered a cyberattack. Millions of customers' data, including IBANs, were stolen and shared on black markets. As scams targeting Free subscribers increase, the French National Commission for Information Technology and Civil Liberties (CNIL) has opened an investigation. The investigations aim to determine whether Xavier Niel's operator took adequate measures to protect its customers' personal data.
As part of the investigation, the CNIL carried out a series of inspections at Free's premises in Paris. Based on the information collected, the data protection agency has decided to initiate sanctions proceedings against Free. According to the latest news, the CNIL has asked a member of its college to collect evidence on "GDPR breaches" by Free, with a view to sanctioning it.
UFC-Que Choisir refers the matter to the CNIL
While the procedure continues, UFC-Que Choisir, the French consumer protection association, has referred the matter to the CNIL to demand "proportionate and dissuasive measures if any fault, negligence or failure on the part of the operator is proven". As the association indicates, numerous security breaches have already been observed at Free in the past. The CNIL has already sanctioned Free in 2022 by imposing a fine of 300,000 euros.
Furthermore, UFC highlights the "massive number of users affected", namely 19 million, and the "serious risks incurred by consumer victims". Numerous phishing campaigns are underway targeting Free customers using compromised data last year. In particular, a wave of fake bank advisor scams was recorded. Another scam, exploiting data stolen from Free, involved pretending to be Amazon to deceive victims via email. In view of the threats facing Internet users, the association is calling for strong measures from the CNIL.
Finally, the UFC article points out that data leaks continue to increase in France. Many companies continue to bear the brunt of cybercriminals, including Indigo, Alain Afflelou, and Easy Cash. Aware of the situation, the CNIL intends to conduct more inspections in France throughout the year. The organization wants to ensure that companies are properly protecting French citizens' data. With the help of ANSSI, it will monitor the security measures taken by companies located in France. Secondly, the CNIL wants to implement an effective "repressive action," which is in line with the UFC's grievances.
Source: UFC-Que Choisir
0 Comments