THE PHONE HOUSE SPAIN, S.L. – €6,500,000 Fine (Spain, 2023)

€6,500,000Agencia Española de Protección de Datos27 December 2023Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Spanish data protection authority fined THE PHONE HOUSE SPAIN, S.L. €6.5 million after a ransomware attack exposed personal data of 13 million people. The company failed to protect this data with proper security measures, which is critical for keeping customer information safe.

What happened

THE PHONE HOUSE SPAIN, S.L. suffered a ransomware attack that leaked personal data of 13 million individuals.

Who was affected

Customers and employees of THE PHONE HOUSE SPAIN, S.L. whose personal data was compromised in the attack.

What the authority found

The authority found that the company did not implement adequate security measures to protect personal data, violating GDPR's requirements.

Why this matters

This case highlights the importance of strong data protection practices for companies handling large amounts of personal information. Other businesses should review their security protocols to prevent similar breaches.

GDPR Articles Cited

AI-verified

Art. 32(GDPR)
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 4 March 2026
verified correct
Spain enforcementAgencia Española de Protección de Datos actionsAll THE PHONE HOUSE SPAIN, S.L. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 6.5 million on THE PHONE HOUSE SPAIN, S.L. The controller had suffered a ransomware attack affecting personal data of 13 million individuals (e.g. customers and employees), which was exfiltrated and published on the deep web. The DPA's investigation revealed that the controller had failed to implement appropriate technical and organisational measures to protect personal data, in order to prevent such an incident.

Related Enforcement Actions (0)

No other enforcement actions found for THE PHONE HOUSE SPAIN, S.L. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 December 2023

Authority

Agencia Española de Protección de Datos

Fine Amount

€6,500,000

Enforcement Tracker ID

ETid-2532

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. THE PHONE HOUSE SPAIN, S.L. - Spain (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: