DPC Fines University of Limerick €98,000 for Data Security Breaches (dataprotection.ie)

• DPC fined UL €98,000 for GDPR breaches from 2018-2020.
• Six phishing attacks compromised staff email accounts.
• UL failed to notify three breaches within 72 hours.
• UL failed to inform affected individuals of three high-risk breaches.
• UL's cooperation and remedial actions resulted in lower fines.

"The Irish Data Protection Commission (DPC) published a final decision fining the University of Limerick €98,000 for multiple GDPR infringements following 12 personal data breaches from November 2018 to January 2020. Six breaches involved phishing attacks compromising staff email accounts. The DPC found UL failed to implement appropriate security measures, maintain proper records, notify breaches within 72 hours, and inform affected individuals of high-risk breaches. UL received a reprimand and fines of €45,000, €3,000, €35,000, and €15,000 for various articles. UL's remedial actions and cooperation led to reduced fines."