IBERDROLA, S.A.
€3,000,000
Non-compliance with general data processing principles
Дата на решението
7 февруари 2024 г.
Орган
Spanish Data Protection Authority (aepd)
ES
Сектор
Transportation and Energy
Държава
ES
Право
GDPRСтатус
FINALОписание
The Spanish DPA has fined IBERDROLA, S.A. EUR 3 million following a cyberattack on I-DE Redes, which led to the compromise of customer data from millions of individuals. Although the cyberattack targeted the GEA web application of I-DE Redes, Iberdrola, as the entity responsible for managing the group's IT systems and security infrastructure, was found to have failed in implementing sufficient security measures to prevent the incident.
Правни цитати
Art. 5 (1)Art. 32
Въпроси и нарушения
Non-compliance with general data processing principles