Personal data of almost 300 payersmostly individuals, leaked from Health Insurance Institution – according to the website Prawa.pl, which was the first to report the incident. This includes information such as the PESEL number, ID card number or bank account number.
This is not an attack by cybercriminals, but a violation of procedures by one of ZUS employees, who is also a member of one of the trade unions operating in the plant. According to unofficial information from polsatnews.pl, it is about the Union Alternative.
Leak of personal data from ZUS. “The system has detected an incident”
The employee sent a message with employee details to the private e-mail address of the vice-president of the trade union. She was previously an employee of ZUS and served as the company’s union chairman – explains Prawa.pl.
LOOK: Polish store attacked by hackers. Customer data leaked
Reports about the leak were confirmed by polsatnews.pl ZUS spokesman Paweł Żebrowski. It was supposed to happen in the second half of March.
“The security system at the Social Insurance Institution detected an incident related to personal data breach by the employee. The case was reported, among others, to the President of the Personal Data Protection Office. ZUS is also obliged to submit an appropriate one notifications to the prosecutor’s office – we read in the statement sent by the spokesman.
Data security breach at ZUS. Disciplinary dismissal
As Żebrowski said, ZUS “will inform the person about the incidentto which this case concerns”. Although no one is suspected of trying to use personal data for illegal activities or fraud, the very transmission, i.e. processing of personal data of ZUS payers for purposes for which consent was not given, may be treated as a crime.
– Professional consequences were imposed on the employee who committed the violation. He was dismissed for disciplinary reasons – said the spokesman.
SEE: Opening of the transfer window at ZUS. How to use it?
As we read in art. 107. of the Act on the Protection of Personal Data, the person “who processes personal data even though their processing is not permitted or is not authorized to process them, is subject to a fine and restriction of liberty or imprisonment for up to two years.”
Your browser does not support the video player… Read more