FR | Incident Report
Data Breach
2025-12-22
French CNIL Imposes €1.7M Fine on IT Software Consultant Nexpublica
AI Model: Unspecified generative AI tool
Security | Consulting | Sanction
I. Executive Summary
The CNIL sanctioned a software consultancy for structural security flaws in its user relationship management software used by public bodies.
II. Key Facts
- €1.7M fine issued for lack of knowledge of 'state of the art' security.
- Vulnerabilities were known to the company but unaddressed before breach.
- Affects Departmental Houses for the Disabled (Maisons départementales).
III. Regulatory & Ethical Implications
Underscores the regulatory risk for advisory firms that fail to audit the security of their software stacks.