IBERDROLA, S.A.
€3,000,000
Non-compliance with general data processing principles
Data decyzji
7 lutego 2024
Władza
Spanish Data Protection Authority (aepd)
ES
Sektor
Transportation and Energy
Kraj
ES
Prawo
GDPRStatus
FINALOpis
The Spanish DPA has fined IBERDROLA, S.A. EUR 3 million following a cyberattack on I-DE Redes, which led to the compromise of customer data from millions of individuals. Although the cyberattack targeted the GEA web application of I-DE Redes, Iberdrola, as the entity responsible for managing the group's IT systems and security infrastructure, was found to have failed in implementing sufficient security measures to prevent the incident.
Cytaty prawne
Art. 5 (1)Art. 32
Problemy i naruszenia
Non-compliance with general data processing principles