
Data leakage fines: Top 3 cases after the GDPR

On May 25, 2018, the EU adopted the General Data Protection Regulation (GDPR; 2016/679), the comprehensive data protection mechanism accepted by the European Parliament in 2016.


Companies had 2 years to prepare for the new requirements. The new Regulation drew a significant response. Non-compliance with its requirements carries fines of up to 4% of a company's annual turnover or 20 million euros, and the Regulation applies not only to companies from the EU but also to foreign ones, if they process personal data of individuals located in the EU. Below are 3 high-profile cases with fines for the leakage of personal data.

Hilton Domestic Operating Company, Inc. fine: $420,000,000

NY Attorney General Eric T. Schneiderman ordered the hotel giant to pay $700,000 for two incidents that occurred in 2015, when the company was hacked: credit card information was stolen, as well as personal data of 350,000 users.

The prosecutor also punished Hilton for total inaction in relation to this case. In February 2015, the company first learned that its customer database had been stolen. Nevertheless, the company did not deem it necessary to inform its customers.

On July 10, 2015, Hilton learned about the second violation, which resulted in the leakage of personal data from 363,952 credit cards. On November 24, 2015, nine months after the first incident, Hilton informed the public about the violation.

Under the new rules, companies such as Hilton can be fined up to 4% of annual profits! This is $1200 for each client of the company, or $420 million.

Yandex massive data leakage

On the evening of July 4, a data leak from the Google Docs service was recorded. The data was indexed by the search engine "Yandex", and private personal information was available to absolutely any user.

The reasons and scope of the leak are unknown; Google and Yandex refused to comment. The documents that were available by link became vulnerable.

After a while, Yandex eliminated the leak and closed access to the information, thus protecting itself from huge fines.

eClinicalWorks sued for 1 billion US dollars

A one-dollar-short-of-a-billion-dollar class-action lawsuit has been filed against electronic health records (EHR) vendor eClinicalWorks of Westborough, Massachusetts, USA. The claim states that the eClinicalWorks EHR system could not provide reliable protection to millions of patients. It alleges that patients could not trust the accuracy of their medical records due to flaws in the company's software. The suit comes five months after the Department of Justice announced that the Westborough, Massachusetts vendor agreed to pay $155 million to settle the matter and to conclude a five-year corporate integrity agreement with the Department of Health and the Office of the Inspector General.

During the proceedings, the Department of Justice claimed that the company had falsely stated that it complied with the requirements of the HITECH Act EHR certification. The trial continues to this day.

More fines?

Many European companies prepared in advance for the introduction of the new rules on personal data protection. Unfortunately, there are those who for some reason ignored them. The cases above demonstrate how serious the implementation of the GDPR rules may be. Companies that do not conform to them will not be able to compete in the European market and will face huge fines of up to 20 million euros.

A set of tools to meet all the requirements of the GDPR

Kiteworks is Accellion's secure file sharing and management system that helps managers control the exchange of confidential corporate information both internally and externally. Thousands of IT directors around the world trust Accellion, thereby providing protection to their organizations.

The Accellion platform helps demonstrate compliance with the GDPR for content stored in Accellion or transmitted through the Accellion system:

  • Confidentiality through data protection (encryption and access control) 
  • Comprehensive audit trails 
  • Notification of violation 
  • Discovery 
  • Data visualization 

In addition, Accellion provides tools for observing the rights of data subjects (individuals):

  • Right to access data
  • Right to data portability
  • Right to be forgotten (data deletion)
