Data protection and security breaches were reported to the FDPIC by well-meaning hackers commonly referred to as "white hat hackers". For example, after receiving a tip-off from a member of the public, we carried out a fact-finding investigation into an inadequately secured database for private COVID-19 test centres. After it became apparent that the responsible parties had taken appropriate immediate measures after the issue had been brought to their attention and were able to prove that no third parties had accessed the data apart from the white hat hacker, we closed our investigation without making any recommendations. To ensure that all those involved act efficiently and in accordance with data protection legislation in such cases, the FDPIC has drawn up a fact sheet with practical suggestions on how to proceed.
Last modification 26.06.2023