Optical Center

The French Data Protection Authority (the CNIL) imposed a record fine of 250,000 euros on Optical Center for insufficiently securing the personal data of its customers.

Customers could access more than 300,000 documents (mainly invoices) of other customers by entering several URLs in a browser’s address bar.

Source: https://www.databreaches.net/french-data-protection-authority-imposes-a-record-250000-e-fine-to-optical-center-for-a-security-breach-on-its-website/

TPRM report: https://scoringcyber.rankiteo.com/company/optical-center

"id": "opt2119181122",
"linkid": "optical-center",
"type": "Data Leak",
"date": "06/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'France',
                        'name': 'Optical Center',
                        'type': 'Company'}],
 'attack_vector': 'Insecure Direct Object References (IDOR)',
 'data_breach': {'file_types_exposed': ['Invoices'],
                 'number_of_records_exposed': '300,000',
                 'type_of_data_compromised': 'Personal Data'},
 'description': 'The French Data Protection Authority (the CNIL) imposed a '
                'record 250,000 euros fine on Optical Center for having '
                'insufficiently secured the personal data of its customers. '
                'Customers could access more than 300,000 documents (mainly '
                'invoices) of other customers by entering several URLs in a '
                'browser’s address bar.',
 'impact': {'data_compromised': '300,000 documents (mainly invoices)',
            'legal_liabilities': '250,000 euros fine'},
 'post_incident_analysis': {'root_causes': 'Insufficient URL Security'},
 'references': [{'source': 'CNIL'}],
 'regulatory_compliance': {'fines_imposed': '250,000 euros',
                           'regulations_violated': 'GDPR'},
 'title': 'Optical Center Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Insufficient URL Security'}