A GDPR related 400 000€ fine because a company was storing confidential data without authentication using sequential IDs, _and_ they didn’t care when they were warned about the issue.