France fined largest energy company for storing customer passwords

The French supervisory data protection authority on November 29 fined électricité de France (EDF) for € 600,000 for violation of the requirements of GDPR.

National Commission on Informatics and Freedom (CNIL) She stated that the electric power company violated the European rules by saving passwords for more than 25,800 accounts, having drove them using the MD5 algorithm back in July 2022. It is worth noting that the MD5 is not recommended for use since 2008 due to the risk of a conflict attack.

In addition, passwords associated with more than 2.4 million customer accounts were only has it, and not “salted”, which subjected the owners of accounts to potential cyberosis.

According to documents, EDF was fined for non -compliance with the GDPR data storage policy and for providing “inaccurate information about the origin of the collected data.”

électricité de France is the largest state energy -generating company in France and the world’s largest company -operator of nuclear power plants. Electricite de France controls 59 NPP power units, providing power supply to 25 million houses.

/Media reports cited above.