The National Commission for Information Technology and Freedoms (CNIL) announced on 25th July a penalty of one hundred and eighty thousand (180,000) euros against the company Active Assurances.
Following a series of investigations carried out by the regulator, a security failure was established on the insurance firm's website, "www.activeassurances.fr", a site on which one can apply for quotes, take out contracts or access one's personal space.
Through hyperlinks that had been indexed by a search engine, one could access the accounts of the insurance company's customers. In a statement, the CNIL stressed that any type of customer-related data or information could be accessible to anyone. As a result, anyone who knew how to use a search bar could obtain copies of certain documents. A customer reported this flaw in June 2018, having noticed that, from his own account, he could access other customers' data.
The regulator also accuses Active Assurances of another breach in the protection of the data contained in its customers' accounts. The CNIL notes that the passwords of some accounts were simply the customers' dates of birth. In addition, just after creating their account, customers received their logins and passwords by e-mail, and these appeared in clear text in the message.
After sanctioning the firm, the CNIL, an independent administrative authority, gave arguments to justify its fine. The regulator alleges that the personal data of the firm's clients (Active Assurances) has been breached. The data concerned are customer accounts, driver's licenses and RIBs (bank account details) stored on the server of the Active Assurances website. The CNIL maintains that they did not have strong protection. Their confidentiality was exposed to theft and violations of all kinds.
This case is not isolated. For some time, the CNIL has increasingly been handing out fines for non-compliance with personal data protection measures.
This system failure affected the accounts of thousands of customers, including some former customers who had terminated their contracts with the company some time ago.
Thus, under Article 32 of the General Data Protection Regulation (RGPD in its French abbreviation), Active Assurances has been sanctioned for violating its obligation to secure personal data. The National Commission for Information Technology and Freedoms nevertheless acknowledges the firm's responsiveness to the discovery of the failure and welcomes.