The German telecom provider 1 & 1 Telecom must pay a fine of 9.55 million euros. The German privacy regulator BfDI imposed the fine because the company's telephone help desk was poorly secured. Inadequate measures made it easy for malicious parties to obtain customers' personal data.
People who called 1 & 1 Telecom customer service only had to provide the name and date of birth of a customer to get more personal information. That is contrary to the GDPR, the European privacy law, which requires companies to take sufficient measures to secure data.
Poor security makes it possible for malicious parties to misuse customer service for their own gain. This technique is also called social engineering or social hacking, because the human link in the process is 'hacked' to gain information.
1 & 1 Telecom has promised to take measures to improve the security of its customer service. As a result, people who call the help desk will have to do more to prove that they are who they claim to be.