IBERDROLA, S.A.

€3,000,000

Non-compliance with general data processing principles

Decision Date

7 de fevereiro de 2024

Authority

Spanish Data Protection Authority (aepd)

ES

Sector

Transportation and Energy

Country

ES

Law

GDPR

Status

FINAL

Description

The Spanish DPA has fined IBERDROLA, S.A. EUR 3 million following a cyberattack on I-DE Redes, which led to the compromise of customer data from millions of individuals. Although the cyberattack targeted the GEA web application of I-DE Redes, Iberdrola, as the entity responsible for managing the group's IT systems and security infrastructure, was found to have failed in implementing sufficient security measures to prevent the incident.

Legal Citations

Art. 5 (1)Art. 32

Issues & Violations

Non-compliance with general data processing principles
View Official Document
Back to Fines Database
Previous Fine
Italian Data Protection Authority (Garante) - Wi-P...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.