The decision follows an investigation into a cyberattack on Sportadmin a year ago, in which personal data of 2.1 million people was leaked. The data was then published on the Darknet, IMY said in a press release.
The audit found technical and organizational shortcomings at Sportadmin and that the company was aware of certain weaknesses in its systems.
Names, contact information, social security numbers and which sport or association they were affiliated with were revealed, and many of those affected were children and young people.
"Among the leaked information was also sensitive health information and, to some extent, protected personal data," IMY wrote.
