Written by: Haim Ravia, Dotan Hammer
The Israeli Privacy Protection Authority (PPA) recently issued a Finding of Wrongdoing against the Israeli web storage company CyberServe, which fell victim to a cyberattack in 2021. The attack led to the exposure of extremely sensitive data, causing severe harm the data subjects.
CyberServe was accused of deficient security measures that facilitated the attack. Alongside the PPA’s investigation into the company to determine whether it had complied with the Israeli information security regulations, the company recently settled a class action lawsuit for approximately 480,000 ILS (roughly $134,000).
The PPA recently published its decision, finding that CyberServe neglected to implement cybersecurity obligations. It failed to keep its security procedures up to date, mishandled its systems’ physical security, failed to complete periodic audits, and improperly trained personnel.
This decision now serves as the basis for future oversight activities by the PPA. Beginning in August 2025, Amendment 13 to the Israeli Privacy Protection Law will take effect, and similar violations will be subject to fines of up to 480,000 ILS.
Click here to access the PPA’s published list of findings against companies, in which the Finding of Wrongdoing against CyberServe is published (in Hebrew).
