Data leak in Opole territory Court

More than 350 editors in chief of local periodicals have been severely leaked in the Opole territory Court. According to justice Daniel Klis, the court's press secretary, the incidental occurred as a consequence of the misaction of a court official.

How did the data come out?

The event took place after an unspecified applicant requested data from the registry of journals and journals kept by the court. Press titles, publishers' office and editors' data were requested.

– Unfortunately, due to the mistake of a court employee, this scope of data provided to the applicant was much wider. Data delicate to residence addresses, PESEL numbers, citizenship issues were besides provided. This applies to all registered magazines in the registry maintained by the Opole territory Court," explains justice Daniel Klis.

What data has been released?

As a consequence of an erroneous decision by a court official, among others, it was made public:

• names,
• residence addresses,
• PESEL numbers,
• information on citizenship.

This data may be utilized for criminal purposes, specified as identity theft or fraud, e.g. borrowing or telecommunication contracts without the consent of the victims.

What is the threat of specified a data leak?

The disclosure of PESEL numbers and address data poses a real threat to those affected. According to analyses of cybersecurity experts, these data may be utilized for:

• forgery of documents,
• conclusion of banking and service contracts,
• committing fraud online.

Judge Klis stressed that the court is taking immediate action to limit possible damage:

– The president of the Office for individual Data Protection (UODO) was informed, and curious persons were informed of this unfortunate incident. They were informed how these data could be utilized and how to possibly defend themselves. In this respect, the court provides assistance and advice, provided by a press spokesman.

Reaction of the territory Court and UODO

After the leak occurred, the Opole territory Court fulfilled its work to study the incidental to the UODO, which is due to Art. 33 GDPR (General Data Protection Regulation). The supervisory authority shall identify the case in the context of a breach of individual data protection rules.

A advanced financial penalty, up to EUR 20 million or 4% of the global yearly turnover, may be threatened for breach of the GDPR – although in the case of public institutions, penalties are determined individually, taking into account the nature of the mistake and the corrective action taken.

In addition, the court began interior investigations to establish work for worker mistake and to draw disciplinary consequences.

Case-law

Similar cases of data leaks in public institutions have already been assessed by the EU Court of Justice and the general courts in Poland. 1 provision of the ultimate Administrative Court stated that "infringement of the rules on the protection of individual data involves the request to exercise peculiar caution on the part of the data controller".

In addition, in the judgement of the Provincial Administrative Court in Warsaw of 12 April 2021, the court considered that the deficiency of prompt consequence of the admin to the breach of data safety constitutes a crucial violation of the GDPR.

What can victims do?

Persons whose data may have been compromised should:

• regularly monitor your bank accounts and login past for online services,
• report to the Bureau of economical Information or the National registry of Debtors to control unauthorised lending,
• consider submitting a notification to the police or the prosecution in the event of suspected unauthorised usage of the data,
• use the assistance offered by the Opole territory Court.

The court apologized to the injured

Judge Klis besides stressed the moral aspect of this event:

– On the part of the court, an apology is due to those persons whose data has been unlawfully made public. We realize that this is an highly unpleasant and delicate situation.

Summary

The leak of data in the Opole territory Court is another example of how crucial it is to guarantee the safety of individual data, especially in public institutions. Although there is presently no information about the usage of data in a criminal way, this hazard exists. Those affected should take peculiar care and follow developments.