Enforcement
EN

SERVICIOS FINANCIEROS CARREFOUR, E.F.C.: Insufficient technical and organisational measures to ensure information security

€1,500,000 fine - Spanish Data Protection Authority (aepd)

€1,500,000 Fine
SERVICIOS FINANCIEROS CARREFOUR, E.F.C.
SPAIN
Insufficient technical and organisational measures to ensure information security
Sep 17, 2025 Source

Content

The Spanish DPA has imposed a fine of EUR 1,500,000 on SERVICIOS FINANCIEROS CARREFOUR, E.F.C. The controller suffered a successfull cyberattack due to insufficient technical and organisational measures. The original fine of EUR 2,500,000 was reduced to EUR 1,500,000 due to immediate payment and admission of responsibility by the controller.

GDPR Articles: Art. 5 (1) f) GDPR
Industry: Finance, Insurance and Consulting