CAJA RURAL DE JAEN, BARCELONA Y MADRID, S.C.C. – €400,000 Fine (Spain, 2025)

€400,000Agencia Española de Protección de Datos16 January 2025Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

CAJA RURAL DE JAEN, BARCELONA Y MADRID was fined after a cyber attack exposed customer data. This incident is important because it shows how crucial it is for businesses to have strong security measures in place to protect sensitive information. Companies need to take cybersecurity seriously to avoid costly breaches.

What happened

CAJA RURAL DE JAEN, BARCELONA Y MADRID suffered a cyber attack that accessed customer data due to security vulnerabilities.

Who was affected

Customers whose personal data was compromised during the cyber attack.

What the authority found

The Spanish DPA determined that the company failed to implement necessary security measures, violating GDPR rules.

Why this matters

This ruling emphasizes the need for businesses to prioritize data security. It serves as a warning that failure to protect customer information can lead to significant financial penalties.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(f) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
date discrepancy
Spain enforcementAgencia Española de Protección de Datos actionsAll CAJA RURAL DE JAEN, BARCELONA Y MADRID, S.C.C. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on CAJA RURAL DE JAEN, BARCELONA Y MADRID, S.C.C.. The controller had suffered a cyber attack in which the attackers were able to access customer data due to a security vulnerability in its systems. The DPA found that the company had failed to implement the necessary security measures that could have prevented such an incident. The original fine of EUR 500,000 was reduced to EUR 400,000 due to voluntary payment.

Related Enforcement Actions (0)

No other enforcement actions found for CAJA RURAL DE JAEN, BARCELONA Y MADRID, S.C.C. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

16 January 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€400,000

Enforcement Tracker ID

ETid-2550

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. CAJA RURAL DE JAEN, BARCELONA Y MADRID, S.C.C. - Spain (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: