12 million leak scandal
All the information about the largest breach of communications privacy that occurred in Greece in 2020 in COSMOTE’s systems. Find out what happened, see the documents, see the information about the compensation for moral damage that anyone whose communications privacy was violated is entitled to.
ATTENTION. On this page you will not find Legal advice, we are not lawyers. It is a purely informative page. For any legal matter (e.g. filing a lawsuit or complaint for breach of privacy) you should consult your lawyer
In 2020 everything changed in Greece...
Today, criminals have the personal data of 12,013,928 telephone subscribers, including politicians, judges, businessmen, government employees, journalists and others. Democracy and the State have been corrupted. And no one has been punished, for Greek Justice, NO ONE IS TO BLAME for this crime.
In 2020, the year that Predator also started, hackers entered the systems of the largest telephone company in Greece, COSMOTE. This is what COSMOTE itself claims. They remained undisturbed for 5 months and gained access to the calls (metadata) of all Greeks. They saw whatever they wanted, the calls of whoever they wanted, and then they started taking our data. In July, August, September they took files of tens of GB with all the metadata. The scandal is of unimaginable size. To date, no one has been criminally punished. Ridiculous fines were imposed on COSMOTE but no one went to prison. Also, no compensation has yet been paid to COSMOTE subscribers for the violation of their privacy (the Law provides for a minimum of €10,000).
ATTENTION. On this page you will not find Legal advice, we are not lawyers. It is a purely informative page. For any legal matter (e.g. filing a lawsuit or complaint for breach of privacy) you should consult your lawyer
Why are you interested?
If you lived in Greece in 2020, it is extremely likely that your own privacy of communications has been violated. If in September 2020 you were a mobile subscriber of OTE-COSMOTE, then with almost absolute certainty your privacy was violated. If you were not a mobile subscriber of OTE-COSMOTE in September 2020 but you communicated between 1/9/2020-5/9/2020 with a mobile subscriber of OTE-COSMOTE, then with almost absolute certainty your privacy was violated. This unthinkable violation of the privacy of communications of 12,013,928 telephone subscribers interests you from many aspects.
- If your privacy has been violated, you have the right to claim compensation for moral damages from the perpetrators (the telephone company) as stipulated by the Law (minimum compensation of €10,000 unless you request less). Always with the advice and guidance of your lawyer.
- if they didn’t violate your privacy, they violated the privacy of millions of Greek residents. The criminals, who are walking free today, have in their possession the phone calls (the metadata, not the content) of politicians (including members of parliament, ministers, prime ministers, presidents of the republic, etc.), judges, prosecutors, businessmen, state officials, journalists, officers of the armed forces and others. The criminals who did it, obviously, did not do it for good. They did it to have in their possession the phone calls – contacts of all of them and if they find sensitive points to blackmail them. And if someone powerful is blackmailing ministers, judges, state officials, etc. you understand that he is crushing our Democracy, and therefore your rights.
What can you do?
Be informed, the issue is so serious that anyone who is indifferent consents to the violation of our Democracy.
He demanded that the culprits be found and punished. The “hacking” did not happen alone. As you will read, there are specific individuals who did not take security measures at the telephone company. There are specific individuals whose passwords were used by the alleged hackers and who stayed at COSMOTE for five months and saw everything.
Claim your rights. If your privacy has been violated, you have the right to claim compensation for moral damage as defined by the Law (minimum compensation of €10,000 unless you request less). You have the right to request the criminal prosecution of the criminals who took our data and those who facilitated the criminals to take it.
ATTENTION. On this page you will not find Legal advice, we are not lawyers. It is a purely informative page. For any legal matter (e.g. filing a lawsuit or complaint for breach of privacy) you should consult your lawyer
What you will see on this page
We have collected many documents and information and we present them all on this page. Everything you need to be informed and take action. All documents have been collected in a legal manner, claiming our right to protect the privacy of communications.
Who we are and what role we play
This page was created by George Floras, who also provided the data presented. In 2017, OTE and VODAFONE violated the privacy of Floras’ home (the metadata). Floras reported the matter to ADAE and in 2021 ADAE punished OTE and VODAFONE with its decisions 233/2021 and 234/2021 because they did not take the security measures they were obliged to take and allowed Floras’ privacy to be violated. The two companies appealed to the Administrative Court of Appeal against the ADAE decisions, but both appeals were rejected in their entirety (1118/2025 and 2366/2024). A lawsuit was filed against the legal representatives of the two companies by Floras, the legal representative of OTE was acquitted in the first instance while the legal representative of VODAFONE was punished in the first instance and in the Court of Appeal with, ultimately, 6 months of suspended imprisonment, without any mitigating circumstances (he has filed an appeal to the Supreme Court, was tried in March 2025, the decision is expected). Floras filed a lawsuit against the two companies. The lawsuit against VODAFONE became final and VODAFONE paid compensation for moral damage of €10,000 plus interest (as stipulated by the Law on the violation of confidentiality, decision 4311/2024 Athens Court of Appeal). OTE’s lawsuit has been postponed until the decision of the Administrative Court of Appeal on its appeal is issued and now that it has been rejected by the Hellenic Telecommunications Commission, it will be determined immediately.
Someone wondered “what political and financial interests are hidden behind Floras”. He wondered because, apparently, his logic is that if someone fights for the Law, they do so only when paid by others. But there is also the “other world”. When Floras dealt with the case of the violation of his own privacy, he found that it is a huge scandal. Telephone companies violate the privacy of communications systematically. 100+ decisions by ADAE in the last, almost, 8 years. The 75 decisions against OTE (55) and VODAFONE (20). The fines that ADAE imposes on them are ridiculous, almost 8 million euros for the 75 decisions when in the same period they had 10+ billion euros in profits (EBITDA). For years, ADAE posted its decisions on the Transparency Portal and hid (in violation of the Law) the names of the companies that were violating the law. Since its establishment, ADAE has never sent a decision to the Prosecutor’s Office, even though any violation of the confidentiality of communications is a serious criminal offense and even though Law No. 3684/2008 stipulates that the Prosecutor’s Office must be informed immediately. Given that the telephone companies did NOT INFORM the Prosecutor’s Office about these cases (while the Law clearly stipulates that they must inform immediately), for 19 years there was criminal immunity in the violation of the confidentiality of communications by the telephone companies. Floras decided to get involved. ADAE was forced to write the names of the companies on the Transparency Portal and send each of its decisions to the Prosecutor. The fines remain a joke though. On the other hand, the Justice “protects” those who violate the confidentiality of communications. It is crazy when the confidentiality of communications has been ABSOLUTELY INVIOLABLE by the Constitution for 160 years and when ADAE has found hundreds of violations by telephone companies that there is ONLY ONE PUNISHMENT.
Decisions and acceptance (click on the image)
The crime took place in September 2020, when the criminals took a large file from COSMOTE’s systems and by mistake they were detected and the leak was stopped. In October 2020, COSMOTE issued a statement on its website describing in very general terms what happened. In 2022, the Authority for the Assurance of the Privacy of Communications ADAE and the Personal Data Protection Authority APDPCH issued two different decisions by which they condemned COSMOTE because it was responsible for this serious violation of the privacy of communications and personal data of millions of Greek and foreign citizens. COSMOTE appealed to the courts against these decisions and the Athens Administrative Court of Appeal has already rejected its appeal against the ADAE decision in its entirety.
ADAE DECISION 225/2022
DECISION 4/2022 OF THE APDPX
DECISION 4154/2024 OF DEFATH
COSMOTE'S CONFESSION
Are you entitled to compensation for moral damages?
ATTENTION. On this page you will not find Legal advice, we are not lawyers. It is a purely informative page. For any legal matter (e.g. filing a lawsuit or complaint for breach of privacy) you should consult your lawyer
According to Article 12 of Law 3674/2008 – Civil Liability
- A natural or legal person who, in violation of the provisions of this law, causes material or moral damage to another person is obliged to pay full compensation or financial compensation or, cumulatively, full compensation and financial compensation, provided that the legal conditions for such compensation are met. The financial compensation is set, at a minimum, at the amount of ten thousand (10,000) euros, unless a lower amount is requested by the plaintiff.
- The claims of the previous paragraph are adjudicated in accordance with the procedure of articles 664 to 676 of the Code of Civil Procedure, regardless of the imposition or non-imposition of administrative sanctions or the exercise of criminal prosecution.
In simple terms, all COSMOTE subscribers whose privacy was violated in 2020, specifically the period 1/9/2020-5/9/2020) (as stated in decision 225/2022 of ADAE and decision 4/2022 of APDPX) due to the criminal incident have the right, provided that the conditions of the Law are met, to claim compensation for moral damage. However, this right is not limited to COSMOTE subscribers only, as the privacy of all subscribers who called a COSMOTE mobile or were called by a COSMOTE mobile during the same period was also violated. WE EMPHASIS THAT WE DO NOT PROVIDE LEGAL ADVICE BUT INFORMATION AND IT IS THE DUTY OF EVERY INTERESTED PARTY TO CONTACT A LAWYER OF HIS OWN CONFIDENCE.
When Does the Statute of Limitations Begin?
Regarding the statute of limitations for victims’ right to file a lawsuit, a common question is when the five-year period begins. The crime that the ADAE identified in COSMOTE’s systems occurred from September 1-5, 2020. Theoretically, one might think that the statute of limitations would expire on September 5, 2025. Repeating that only your lawyer will give you the answer you can trust, I present what is commonly known for your information.
According to Law 3674/2008, article 8: “1. In case of a violation or a particular risk of violation of communication privacy, the person responsible for ensuring privacy is obliged to immediately inform the provider or their legal representative, the public prosecutor’s office, the ADAE, and the affected subscribers, as the case may be. The information is provided in writing and, in case of inability for immediate communication, by any other appropriate means.”
Therefore, COSMOTE was obligated in September 2020 to inform ALL subscribers whose privacy was violated in writing that: 1) their privacy was violated, 2) the numbers they called and were called that leaked, and 3) all other data stolen by the criminals. This information should have been provided in writing, as there was a possibility of immediate communication, at least for its subscribers. For other subscribers, COSMOTE had their phone numbers and could have contacted them.
DID COSMOTE DO THIS?
No.
COSMOTE claims it placed advertisements in the media, which obviously the public did not see, and that is why the victims were unaware of this enormous crime until recently. In any case, the Law is not satisfied with a media post, as it does not ensure that the victim of the privacy breach learned about it.
Did COSMOTE have the money to individually inform all victims of the privacy breach? OF COURSE IT DID, it has annual earnings before taxes, interest, and depreciation exceeding one billion euros, so it had the money.
WHY DIDN’T COSMOTE DO IT? The obvious thought is that it didn’t do it to avoid causing an ocean of lawsuits and complaints.
Therefore, the subscriber—a victim of the privacy breach—cannot accept that the statute of limitations for their claim begins in September 2020.
Even when the decisions of the ADAE and the Hellenic Data Protection Authority (HDPA) were issued (in 2022), no subscriber was informed that their specific privacy was violated in COSMOTE’s systems.
The only certain notification for a COSMOTE subscriber that their privacy has been violated is the personal notification they will receive from the company itself. That is, the notification that COSMOTE was obliged to make individually and did not. And which it now makes with every request from the victims (see here).
The entire decision 4311/2024 of the Athens Court of Appeal on confidentiality and the €10,000 (click on the image)
See the relevant Laws (click on the image)
LAW 3674/2008
LAW 3471/2006
What to do to find out if your privacy has been breached in 2020 (click on image)
Watch the video of the disgrace of the Prosecutor's Office that buried the case of the largest violation of communications privacy in Greece
Here are 3 videos about the BIGGEST VIOLATION OF COMMUNICATIONS PRIVACY in Greece. In 2020, “unknown” hackers (as COSMOTE claimed and ADAE did not accept) violated the confidentiality of communications of ALL GREEKS, took our data and today are able to control and blackmail any person in public life who is vulnerable (as shown by their calls). They know the phone calls of prosecutors, judges, prime ministers, members of parliament, businessmen, diplomats, the President of the Republic, journalists and others. A huge scandal. I have all the documents of the relevant case file at my disposal (through legal process) and I decided, after doing what I had to do before, to make them public. To date, 5 years later, not a single person has been charged, not a single person has been imprisoned. The case has been closed with a ridiculous fine to COSMOTE, which is fully responsible for not taking the security measures it should have taken. Justice is infuriatingly indifferent. I reveal the unthinkable filings by two Prosecutors, with the approval of the Prosecutor of the Supreme Court. They did everything to bury it. The COSMOTE employee with whose passwords the (alleged) hackers entered COSMOTE’s systems, stayed for 5 months and took all our data, said “it wasn’t me” and “cleaned it up”. I reveal the huge “hole” in our privacy that COSMOTE had in the years 2013-2021 and the “burying” by a specific Prosecutor. Anyone who had access saw the calls of each subscriber without their access being recorded anywhere. The President and the Prosecutor of the Supreme Court are blowing the whistle indifferently (and their own calls are to the criminals), while we are talking about the BIGGEST VIOLATION OF THE PRIVACY OF COMMUNICATIONS in Greece. COSMOTE is controlled by two European Governments and remains unharmed. At the same time that they violated our personal data in an outrageous way and gave the criminals the opportunity to falsify the State. I am making everything public after much reflection on whether I should do it and whether my life is in danger. I know that this will not please powerful economic and political interests as well as domestic and foreign secret services. In the end, I chose to be good with my conscience. I believe that those who committed the crime and those who facilitated them should rot in prison. I believe that Justice, once again, is turning a blind eye and the world needs to know about it.
Video 1, duration 42 minutes. CONTENTS: what is the confidentiality of communications, my involvement in the case, the huge hole in COSMOTE that ADAE found for the years 2013-2021, the practices of Germany’s secret services.
Video 2, duration 35 minutes. CONTENTS: what happened in 2020 at COSMOTE, detailed description of the crime as revealed by the documents in the case file.
Video 3, duration 34 minutes. CONTENTS: the burying of the case by the Prosecutor’s Office
Watch the video about the compensation paid by VODAFONE for the violation of the privacy of my communications (2,100,000 views on TIKTOK)
Interview with Paris Karvounopoulos militaire.gr on 28/4/2025 on the topic of How the biggest breach of communications privacy occurred in Greece and EVERYONE is silent!
Why is the page called 12millionleakscandal?
According to ADAE decision 225/2022, in 2020 the privacy of 12,013,928 telephone subscribers was violated. The way it was done and how it was dealt with by the Justice, the Government and the Media makes it a scandal of astronomical magnitude. We named the page 12millionleakscandal to capture the leak of the personal data of 12,000,000 subscribers and the Scandal that surrounds it.