Twitch Fined $58,000 for Major Data Breach by Turkiye’s Data Protection Board

• Popular game streaming platform Twitch suffered a data breach that impacted north of 35,000 people in Turkiye.
• Turkiye's Personal Data Protection Board imposed a hefty penalty, citing Twitch's failure to report the breach promptly and its poor security measures.
• Twitch is yet to comment on the development, but the news raises concerns regarding the security of the service’s data protection measures worldwide.

Turkiye's Personal Data Protection Board (KVKK) has imposed a 2 million lira fine on Amazon.com's gaming platform Twitch following a substantial data breach, which saw a massive 125 GB of data leaked. 

Breaking down the penalties, the Board levied a 1.75 million lira fine for inadequate security measures and an additional 250,000 lira for Twitch's failure to report the breach promptly. These amounts round up to roughly US $58,000. 

The huge security incident affected 35,274 individuals in Turkiye, underscoring the vulnerabilities in Twitch's data protection measures, according to Anadolu Agency, cited by Reuters. 

KVKK's investigation revealed Twitch's failure to implement adequate security protocols prior to the breach and highlighted insufficient risk and threat assessments. 

The repercussions of this breach may influence not only Twitch but also similar platforms to reassess and fortify their cybersecurity infrastructure to prevent future incidents. 

Failing to report security incidents promptly and not implementing adequate measures to prevent unauthorized access to sensitive data led CFIUS to conclude T-Mobile’s data breaches harmed the U.S. national security interests and levy an unprecedented $60 million fine, the largest penalty imposed by CFIUS to date.

In other news, software firm Advanced could be issued a £6.09 million ($7.75 million) fine for the NHS data breach after an investigation revealed the NHS vendor did not properly secure the information stolen in the August 2022 LockBit ransomware attack.

Recently, the Irish Data Protection Commission (DPC) has levied a €310 million fine on recruitment website LinkedIn for breaching the EU's General Data Protection Regulation (GDPR), in one of the most substantial penalties in GDPR's enforcement history.