The ESA’s reaction to the E3 data leak
This puts the ESA in a tough spot. I reached out to the organization, and it provided the following statement from a spokesperson:
“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again.”
While this breach could expose people to certain threats, it could also hurt the ESA’s bottom line. Companies pay the organization a lot of money to show up to E3. And part of the reason the trade show is worth that price is because the group has a spreadsheet with the contact info for popular YouTubers and influential media personalities. If people are more hesitant to share that data at E3 2020, suddenly the show is potentially less valuable to attending developers and other companies. The ESA website was likely also accessible from Europe, and it contained info for European members of the press. That could turn this into a GDPR (General Data Protection Regulation) issue. That is the EU regulatory framework that obliges any company that collects data to meet certain assurances of security.
The maximum fine for a GDPR violation is 20 million euros.
GDPR – One Year On