CAJA RURAL CENTRAL, S.C.C. – €72,000 Fine (Spain, 2025)

€72,000Agencia Española de Protección de Datos16 January 2025Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

CAJA RURAL CENTRAL, S.C.C. was fined €72,000 after a cyber attack exposed customer data due to weak security measures. This incident shows that companies must take cybersecurity seriously to protect their customers' personal information. It serves as a wake-up call for businesses to strengthen their defenses against cyber threats.

What happened

A cyber attack on CAJA RURAL CENTRAL allowed attackers to access customer data because of security vulnerabilities.

Who was affected

Customers whose personal data was compromised during the cyber attack.

What the authority found

The Spanish DPA determined that the company failed to implement necessary security measures to prevent the cyber attack, violating GDPR requirements.

Why this matters

This ruling emphasizes the critical need for businesses to invest in cybersecurity. It highlights that failing to protect customer data can lead to significant financial penalties.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1) f) GDPR

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
date discrepancy
Spain enforcementAgencia Española de Protección de Datos actionsAll CAJA RURAL CENTRAL, S.C.C. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on CAJA RURAL CENTRAL, S.C.C.. The controller had suffered a cyber attack in which the attackers were able to access customer data due to a security vulnerability in its systems. The DPA found that the company had failed to implement the necessary security measures that could have prevented such an incident. The original fine of EUR 90,000 was reduced to EUR 72,000 due to voluntary payment.

Related Enforcement Actions (0)

No other enforcement actions found for CAJA RURAL CENTRAL, S.C.C. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

16 January 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€72,000

Enforcement Tracker ID

ETid-2582

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. CAJA RURAL CENTRAL, S.C.C. - Spain (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: