Data Protection Academy » Data Protection News » Data failure in the district office Coburg

A computer screen showing a programming language in black and white. Data breakdown at the Coburg District Office

Data failure in the district office Coburg

Date: 19.12.2019

Responsible body: District administration Coburg

Type of data protection violation: Data breakdown in the Coburg District Office due to hard disk

The data breach at the Coburg District Office was caused by a hard disk that was replaced by an external service provider after a defect. The service provider deleted the data from the hard drive and sold it to a third party. The problem is that the data was not properly deleted and thus not restored.

Around 12,000 data items such as documents, e-mails and passwords from the vehicle registration office and the youth welfare office in Coburg came into circulation. The data breach at the Coburg district office was reported to the responsible data protection supervisory authority, and the Cybercrime Central Office is investigating.

Practical tip: Use of hard disks

The individual-related data are to be processed prudently. Processing also includes the storage of data on media such as hard disks. If these are disposed of, it is imperative to ensure that the data they contain is no longer available.

Categories of data: Documents, passwords, e-mails

Country: Germany, Coburg

SourceBR

Back to the overview of the data breaches

Nadine Porrmann
Latest posts by Nadine Porrmann (see all)

This might interest you too:

Record of processing activities

Deletion concept according to DSGVO

Samples, templates and examples for your DSGVO deletion concept according to DIN 66398. Automatically create the deletion concept.
Record of processing activities

record of processing activities

List of processing activities according to Art. 30 DSGVO. Explained step by step with extensive information. Data protection made easy.
Data Protection Officer

Technical organisational measures (TOMs)

All information on the technical organisational measures according to the GDPR. What do responsible parties have to observe during implementation and documentation?