CNIL fines Free Mobile €42 million for 2024 data breach

First reported

14.01.2026 21:50

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The French data protection authority (CNIL) has fined Free Mobile and its parent company, Free, a total of €42 million for inadequate protection of customer data during a 2024 breach. The incident exposed data of nearly 23 million subscribers, including IBANs for 25% of affected individuals. The breach stemmed from weak VPN authentication and ineffective activity monitoring, violating GDPR rules on data security, breach notification, and data retention. The CNIL investigation revealed that the companies failed to implement adequate security measures, notify affected individuals properly, and retain personal data only as long as necessary. Both companies must now complete their security improvements and data cleanup within specified deadlines.

Timeline

14.01.2026 21:50 1 articles · 23h ago

CNIL fines Free Mobile €42 million for 2024 data breach
The French data protection authority (CNIL) has fined Free Mobile and its parent company, Free, a total of €42 million for inadequate protection of customer data during a 2024 breach. The incident exposed data of nearly 23 million subscribers, including IBANs for 25% of affected individuals. The breach stemmed from weak VPN authentication and ineffective activity monitoring, violating GDPR rules on data security, breach notification, and data retention.
Show sources

France fines Free Mobile €42 million over 2024 data breach incident — www.bleepingcomputer.com — 14.01.2026 21:50
Open in new tab

Information Snippets

Free Mobile and Free were fined €42 million for GDPR violations related to a 2024 data breach.
First reported: 14.01.2026 21:50

1 source, 1 article
Show sources
- France fines Free Mobile €42 million over 2024 data breach incident — www.bleepingcomputer.com — 14.01.2026 21:50
The breach exposed data of nearly 23 million subscribers, including IBANs for 25% of affected individuals.
First reported: 14.01.2026 21:50

1 source, 1 article
Show sources
- France fines Free Mobile €42 million over 2024 data breach incident — www.bleepingcomputer.com — 14.01.2026 21:50
The breach was facilitated by weak VPN authentication and ineffective activity monitoring.
First reported: 14.01.2026 21:50

1 source, 1 article
Show sources
- France fines Free Mobile €42 million over 2024 data breach incident — www.bleepingcomputer.com — 14.01.2026 21:50
The CNIL found violations of GDPR Articles 32, 34, and 5(1)(e).
First reported: 14.01.2026 21:50

1 source, 1 article
Show sources
- France fines Free Mobile €42 million over 2024 data breach incident — www.bleepingcomputer.com — 14.01.2026 21:50
The companies must complete security improvements within three months and data cleanup within six months.
First reported: 14.01.2026 21:50

1 source, 1 article
Show sources
- France fines Free Mobile €42 million over 2024 data breach incident — www.bleepingcomputer.com — 14.01.2026 21:50