Poland: Announced UODO lawsuit over data leak from pandabuy website

On 29 April 2024, the Personal Data Protection Office (UODO) notified the District Prosecutor's Office in Warsaw Śródmieście-Północ about a suspected crime involving the leak of personal data of customers from the pandabuy.com website. The data, including names, email addresses, phone numbers, and more, of 1.3 million customers worldwide, including Poland, were made available online. The leaked data was used to create an interactive map of Poland on various websites, violating personal data protection laws. UODO emphasises that the processing of this data without a legal basis is subject to penalties under the Personal Data Protection Act and the GDPR.