According to Il Sole24 Ore (the Italian financial daily newspaper), the Agenzia delle entrate (the public body entitled to the processing of Italian citizen’s tax information – about 20 billion, says the newspaper) has been shut down because of a bug allowing unrestricted access to those tax related information.
This is a clear infringement of the data protection by design and by default rule, as well as evidence that a poor security check has been done before opening the server to the Internet. But the Italian Data Protection Authority, instead of starting an investigation, just “asked for information”, a rather odd behaviour if compared to the attitude showed by the Authority toward the private sector.
I wonder if the DPA will use the very same light approach when a similar – and maybe less threatening – even should happen to some non public entity.