IBERDROLA, S.A.
€3,000,000
Non-compliance with general data processing principles
Дата принятия решения
7 февраля 2024 г.
Авторитет
Spanish Data Protection Authority (aepd)
ES
Сектор
Transportation and Energy
Страна
ES
Закон
GDPRСтатус
FINALОписание
The Spanish DPA has fined IBERDROLA, S.A. EUR 3 million following a cyberattack on I-DE Redes, which led to the compromise of customer data from millions of individuals. Although the cyberattack targeted the GEA web application of I-DE Redes, Iberdrola, as the entity responsible for managing the group's IT systems and security infrastructure, was found to have failed in implementing sufficient security measures to prevent the incident.
Юридические цитаты
Art. 5 (1)Art. 32
Проблемы и нарушения
Non-compliance with general data processing principles