ORANGE ESPAGNE, S.A.U.

€1,200,000

Insufficient technical and organisational measures to ensure information security

Fecha de la decisión

5 de febrero de 2025

Autoridad

Spanish Data Protection Authority (aepd)

ES

Sector

Media, Telecoms and Broadcasting

País

ES

Ley

GDPR

Estado

FINAL

Descripción

The Spanish DPA has imposed a fine of EUR 1,200,000 on ORANGE ESPAGNE, S.A.U.. An individual had filed a complaint with the DPA because the company had given a duplicate of their SIM card to an unauthorized fraudulent third party without their consent. During its investigation, the DPA found that the company failed to verify the identity of the third party or obtain the data subject's consent to share their data. This allowed the fraudsters to gain access to the data subject's bank account.

Citas legales

Art. 6Art. 25

Problemas e infracciones

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Romanian National Supervisory Authority for Person...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.