IBERDROLA, S.A.
€3,000,000
Non-compliance with general data processing principles
Dátum rozhodnutia
7. februára 2024
Úrad
Spanish Data Protection Authority (aepd)
ES
Sektor
Transportation and Energy
Krajina
ES
Právo
GDPRStav
FINALPopis
The Spanish DPA has fined IBERDROLA, S.A. EUR 3 million following a cyberattack on I-DE Redes, which led to the compromise of customer data from millions of individuals. Although the cyberattack targeted the GEA web application of I-DE Redes, Iberdrola, as the entity responsible for managing the group's IT systems and security infrastructure, was found to have failed in implementing sufficient security measures to prevent the incident.
Právne citácie
Art. 5 (1)Art. 32
Problémy a porušenia
Non-compliance with general data processing principles