A German internet service provider faces a €9.6m ($10.6m; £8m) fine after being accused of failing to carry out tough enough customer ID checks.
Germany’s data protection watchdog said anyone who called 1&1 Telecom could get extensive personal information about someone else solely by giving their name and date of birth.
Fraudsters can easily collect such details from social networks and elsewhere on the net.
But the firm is challenging the ruling.
It said it did not accept the decision and intended to sue the authority.
The sum represents one of the largest penalties imposed under the EU’s GDPR (General Data Protection Regulation).
1&1 Telecom said the fine was “absolutely disproportionate” because the regulator had based its calculations on the wider company’s sales.
On that basis “even the smallest discrepancy can result in huge fines” ... Read even more