UK and Greece recently imposed multi-million euro fines on organizations for data breaches leading to darknet exposure.
Recent GDPR Violations and Fines
On April 16, 2025, the UK’s ICO fined a law firm £60,000 after client data from sensitive legal documents was exposed in the darknet following a cyberattack.
Similarly, on February 28, 2024, Greece’s UUDO fined a state postal operator nearly 3 million euros for a comparable data breach.
Both authorities emphasized not just the data leakage but also the organizations’ inadequate security measures and delayed responses.
Understanding the Darknet Threat
The darknet, accessible only through specialized tools like the Tor browser, presents a significant risk for stolen or leaked data.
Once data enters the darknet, it becomes accessible to malicious actors, potentially leading to identity theft, financial fraud, and other cybercrimes.
Legal Implications for Data Breaches
Under RODO (GDPR), organizations face substantial penalties for data breaches, especially when they involve inadequate security measures or delayed reporting.
Companies must implement robust security protocols and have incident response plans to mitigate legal and financial consequences of data breaches.