August 29 (SeeNews) - DSK Bank, part of Hungarian banking group OTP, said it has been fined by the local data protection authority for "a non-digital data theft" from the bank and cooperates with the authorities to further improve its personal data protection measures.
"DSK Bank accepts the fine," the lender said in a statement late on Wednesday.
Bulgaria's Commission for Personal Data Protection said earlier in the day that it has imposed a 1 million levs ($566,600/511,200 euro) fine on DSK over unlawfully disclosed personal data of customers of the bank.
DSK Bank also said in the statement that in June it had informed the commission about the claims of a Bulgarian citizen formerly convicted of bank robbery that he was in possession of a database containing information about customers of the bank.
Following its own in-house investigation in June, DSK found no evidence of a successful cyber attack on its database but said it is possible that the unauthorised access to the database was gained via other, equally unlawful methods, the bank said.
The data protection commission said that personal data of 33,492 customers of DSK Bank from 23,270 loan files also containing personal data of an unlimited number of related persons was left without adequate protection by the bank. During the course of its month-long investigation the commission has found evidence that DSK Bank, as a personal data administrator, has failed to apply the relevant technical and organisational measures in order to ensure the protection of the personal details of individuals and third persons connected to them.
(1 euro = 1.95583 levs)
DSK Bank EAD is among the biggest banks in SEE. You can download our SEE Top 100 ranking
here or subscribe to our free Top 100 newsletter
here