IBERDROLA, S.A.

€3,000,000

Non-compliance with general data processing principles

Fecha de la decisión

7 de febrero de 2024

Autoridad

Spanish Data Protection Authority (aepd)

ES

Sector

Transportation and Energy

País

ES

Ley

GDPR

Estado

FINAL

Descripción

The Spanish DPA has fined IBERDROLA, S.A. EUR 3 million following a cyberattack on I-DE Redes, which led to the compromise of customer data from millions of individuals. Although the cyberattack targeted the GEA web application of I-DE Redes, Iberdrola, as the entity responsible for managing the group's IT systems and security infrastructure, was found to have failed in implementing sufficient security measures to prevent the incident.

Citas legales

Art. 5 (1)Art. 32

Problemas e infracciones

Non-compliance with general data processing principles
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Italian Data Protection Authority (Garante) - Wi-P...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.