The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.
The Commission nationale de l’informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for more than 25,800 accounts hashed with the MD5 algorithm as recently as July 2022.
It is worth noting that MD5, a message digest algorithm, has been considered cryptographically broken as of December 2008 owing to the risk of collision attacks.
Additionally, the authority noted that the passwords associated with 2,414,254 customer accounts had only been hashed and not salted, exposing the account holders to potential cyber threats.
The probe also faulted EDF for failing to comply with GDPR data retention policies and for providing “inaccurate facts on the origin of the knowledge gathered.”
“The quantity of the fine was determined taking into consideration the breaches noticed and the cooperation by the firm and all the steps it has taken during the proceedings to get to compliance with all alleged breaches,” the CNIL said.
The fine came less than two weeks after the CNIL fined Discord €800,000 for its failure to respect data retention periods for inactive accounts and enforce a strong password policy.