Bulgaria’s DSK Bank, a unit of Hungary’s OTP Group, has been fined 1 million levs ($569,930) for a data breach that affected over 33,000 clients, the country’s Commission for Personal Data Protection said.

According to a news report, the full named, addresses, copies of ID cards, bank account numbers and property deed data o 33,492 people who took out loans for DSK bank have been leaked and accessed by third parties. Additionally, the personal data of loan guarantors, spouses and contracting parties that were part of more than 23,000 loan dossiers have been affected, as well. 

In June, a former Bulgarian convict claimed he had access to a database with personally identifiable information of DSK clients, says the report. DSK later reported that after conducting internal checks, there was no evidence that any data had been breached. In a statement, DSK said, “DSK Bank was fined by the Commission for Personal Data Protection over a non-digital data theft carried against it. DSK Bank accepts the fine and cooperates with the authorities to further improve its personal data protection measures.”

Furthermore, the Commission said it introduced fines against DSK for failing to adopt technical ad organizational measures that would ensure the safety of their client’s data, notes the report.