IBERDROLA, S.A.
€3,000,000
Non-compliance with general data processing principles
Ngày ra quyết định
7 tháng 2, 2024
Thẩm quyền
Spanish Data Protection Authority (aepd)
ES
Ngành
Transportation and Energy
Quốc gia
ES
Luật
GDPRTrạng thái
FINALMô tả
The Spanish DPA has fined IBERDROLA, S.A. EUR 3 million following a cyberattack on I-DE Redes, which led to the compromise of customer data from millions of individuals. Although the cyberattack targeted the GEA web application of I-DE Redes, Iberdrola, as the entity responsible for managing the group's IT systems and security infrastructure, was found to have failed in implementing sufficient security measures to prevent the incident.
Trích dẫn pháp lý
Art. 5 (1)Art. 32
Vấn đề & Vi phạm
Non-compliance with general data processing principles