Sanction. The Cnil imposed a fine of 1.5 million euros on the software publisher Dedalus after a massive leak of data, sometimes sensitive, in medical analysis laboratories, which had affected nearly 500,000 people, a- she said Thursday.
“The amount of this fine was decided in view of the seriousness of the shortcomings retained but also taking into account the turnover of the company Dedalus Biologie”, indicated Thursday the policeman of personal data in a press release.
HIV, cancers, genetic diseases…
The data accessible on cybercriminal sites and forums included in particular “the surname, first name, social security number, name of the prescribing doctor, date of the examination but also and above all medical information (HIV, cancers, genetic diseases, pregnancies, treatments drugs followed by the patient, or even genetic data) of these people have thus been disseminated on the internet”, recalled the Cnil in its press release.
The leak had been revealed in particular by the daily Liberation and the specialized cybersecurity blog Zataz in February 2021. “We can find this file in 7 different places on the internet”, then specified Damien Bancal, journalist specializing in cybersecurity, who has the first identified the leak on February 14 on his Zataz blog. According to him, this file was the subject of a commercial negotiation between several hackers on a Telegram group specializing in the exchange of stolen databases, and one of them distributed it for free following a dispute. “500,000 pieces of data is already huge and nothing prevents us from thinking that hackers still have a lot more,” he explains.