Tech & Science : Free was not serious enough to secure passwords

Data: The CNIL sanctions EDF up to 600,000 euros

© Sameer al-Doumy The CNIL sanctioned EDF of a fine of 600,000 euros for infringements relating to personal data and commercial prospecting, said the gendarme on Tuesday French Personal Data The CNIL sanctioned EDF of a fine of 600,000 euros for offenses relating to personal data and commercial prospecting, the French gendarme of personal data said on Tuesday.

supplied by Numerama Tom Hanks

The CNIL inflicts a fine of 300,000 euros on the free operator for multiple RGPD offenses. Among the breaches: a too lax password management policy.

The CNIL inflicts a fine of 300,000 euros on the operator Free for multiple offenses to the GDPR. Among the breaches: a too lax password management policy.

Tour de Free to have it stuck by the National Commission for Data Protection (CNIL) for breaches of the General Data Protection Regulations ( RGPD ). In a press release published on December 8, the French authority in charge of ensuring that the legislation on the processing of Personal Information has been properly compl with the operator.

Bill Shorten orders investigation into claims former cabinet minister Stuart Robert intervened to help friends win Centrelink contract

NDIS Minister Bill Shorten says concerning new reports of former cabinet minister Stuart Robert's alleged interference to help negotiate a multimillion-dollar Centrelink contract will be investigated "thoroughly", as Mr Robert denies any misconduct.Nine newspapers have reported that consulting firm Synergy360, whose shareholders are close friends of Mr Robert, claimed in leaked emails that the then-NDIS minister had allegedly met with them several times over a multimillion-dollar Centrelink contract, which was ultimately won by a client of the firm.

of notable weaknesses in the management of passwords

Four major offenses have been noted, including that linked to the obligation to ensure the security of personal data. In particular, the administrative body noted an insufficient policy concerning passwords , with procedures which are no longer suitable in 2022. All of these violations caused a financial sanction of 300,000 euros fine.

In detail, the CNIL noted that:

The password generated at the time of creating a new account on the website of the Internet access provider was "insufficiently robust"; this same weakness was noted during a recovery procedure or during a password renewal; © supplied by Numerama The operator did not follow the best practices in terms of password. // Source: Ulrich Rozier for Numerama All passwords generated when creating an account from the site "was stored in clear in the company's subscribers' database"; newly created passwords n 'were neither temporary nor under an obligation to change it; these passwords were transmitted in clear by email or by post; the password which was associated with the electronic messaging account "free.fr" was Transmitted by the company by email or postal mail to the user and indicated in clear in the body of the message;

In the deliberation of the CNIL , it is noted that Free "announced that it has taken several measures to comply with the obligations [...] with regard to the security relating to passwords". This includes strengthening the robustness of the codes generated and compulsory renewal during a recovery procedure or from the first connection.

Higgins speaks about court impact

Brittany Higgins has highlighted the impact the criminal justice system has on people who come forward with sexual assault complaints.The prosecution of a man alleged to have raped Ms Higgins in Parliament House in 2019 was last week dropped due to concerns about her mental wellbeing.

Furthermore, the clear storage of passwords in its database ended, as is the transmission of passwords of new subscribers in email. Welcome and necessary changes to return to the RGPD nails, but which do not absolish the operator of these past errors. The CNIL has taken it into account in its sanction.

The sanction is moderate given the fine possibilities that the GDPR allows and with regard to the size of a group as free. In addition to the 300,000 euros fine, and the group's public denunciation, the CNIL leaves ISP three months to comply on all other points. Otherwise, it will be the subject of a delay day of 500 euros.

to go further passwords: the 5 essential tips to stop doing anything

think of our newsletters to follow Numerama

X1