Low Risk Data Exposure Notification
Important information
16 June 2022
We herewith notify you on a data breach when sending e-mail invoices on the 13 June 2022. Unfortunately a number of invoices were sent to wrong recipients resulting in merchants receiving invoices destined for a different merchant of Worldline Financial Services (Europe) S.A. We sincerely apologise for this.
As soon as we became aware of the issue we stopped the invoicing process. We immediately conducted a risk assessment and noted that in some cases the incorrect invoices contained personal data (first- and last name or single proprietorship companies, addresses), which were sent to unauthorized recipients. PLEASE NOTE that no additional personal information was revealed. We requested recipients of wrong invoices to delete them immediately.
Per risk assessment, there are no risks to the rights and freedoms of those involved and we therefore classified the risk level as ‘low’. Furthermore we want to assure you that we are continually monitoring suspicious activities in line with our information security program and ensure the highest level of data protection.
The invoices were re-issued yesterday morning (15/06/2022), after having implemented several control-checks in the issuance process. The correct invoices have been sent to the merchants on 15 June 2022.
In light of our transparency efforts, we have notified the data breach to the Luxembourgish Data Protection Authority (CNPD) on 15 June 2022.
Please contact our Customer Services team or your responsible Account Manager for further inquiries.
We assure to set all the relevant measures to prevent such an incident from happening again.
Kind regards,
Worldline Financial Services (Europe) S.A.
Yves Ganseman Robin Born
Head of Compliance Head Billing