QFC Issues First-Ever Data Protection Fine $150,000 Penalty

Sep 2024 · $150K fine

By Karim El Labban · ZERO|TOLERANCE

QFC Issues First-Ever Data Protection Fine: $150,000

In September 2024, the Qatar Financial Centre Authority issued its first-ever enforcement action under the QFC Data Protection Regulations 2021, imposing a $150,000 fine on an unnamed QFC-licensed financial services firm.

The penalty arose from a data breach in December 2022, with investigation spanning 2023-2024. The firm violated multiple QFC DPR provisions including security controls, audit logging, and the mandatory 72-hour breach notification requirement.

01

KEY FACTS

  • .What: QFC Authority issued its first-ever data protection enforcement action.
  • .Who: An unnamed QFC-licensed financial services firm and its clients.
  • .Data Exposed: Client personal and financial data; specific categories not publicly disclosed.
  • .Outcome: $150,000 fine for security, logging, and breach notification failures.
02

SOURCES

QFC Authority Enforcement Decision, QFC Data Protection Regulations 2021

RELATED ANALYSIS

USPTO GovDelivery Scam: How Fraudsters Weaponize Real .gov Emails to Steal From Trademark Filers
Apr 1, 2026 · 77K+ victims · 60+ domains · First-person investigation
Free Mobile Fined EUR 42M After 24.6 Million Customer Records Stolen
Jan 16, 2026 · EUR 42M fine
Illuminate Education: FTC Action Over 10.1 Million Student Records Breach
Dec 1, 2025 · $5.1M settlement
Capita Fined £14M After Black Basta Ransomware Exposes 6.6M Records
Oct 1, 2025 · £14M fine
SHEIN Fined €150M for Cookie Consent Violations
Jan 23, 2025 · €150M fine
MORE REGULATORY ENFORCEMENT →