The Hungarian NAIH (Data Protection Authority) fined an unnamed company service 100,000,000 Hungarian Forint for failing to apply adequate security measures to protect user data. A hacker discovered the vulnerability and reported it to the controller, but the controller did not act. It was possible to reach databases containing personal data through the homepage, and the controlled failed to encrypt the database. Further, a database created for correcting failures was not deleted after task completion.

https://www.naih.hu/files/NAIH-2020-1160-10-hatarozat.pdf