THE PHONE HOUSE SPAIN, S.L.

€6,500,000

Insufficient technical and organisational measures to ensure information security

Fecha de la decisión

27 de diciembre de 2023

Autoridad

Spanish Data Protection Authority (aepd)

ES

Sector

Media, Telecoms and Broadcasting

País

ES

Ley

GDPR

Estado

FINAL

Descripción

The Spanish DPA has imposed a fine of EUR 6.5 million on THE PHONE HOUSE SPAIN, S.L. The controller had suffered a ransomware attack affecting personal data of 13 million individuals (e.g. customers and employees), which was exfiltrated and published on the deep web. The DPA's investigation revealed that the controller had failed to implement appropriate technical and organisational measures to protect personal data, in order to prevent such an incident.

Citas legales

Art. 5 (1)Art. 32

Problemas e infracciones

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Spanish Data Protection Authority (aepd) - Private...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.