CAJA RURAL DE ASTURIAS, S.C.C. – €12,000 Fine (Spain, 2025)

€12,000Agencia Española de Protección de Datos17 January 2025Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

CAJA RURAL DE ASTURIAS, S.C.C. was fined for a cyber attack that exposed customer data due to weak security. This matters because it shows that companies must take strong measures to protect personal information. Failing to do so can lead to financial penalties.

What happened

CAJA RURAL DE ASTURIAS, S.C.C. failed to secure customer data, which was accessed during a cyber attack.

Who was affected

Customers of CAJA RURAL DE ASTURIAS, S.C.C. whose personal data was compromised in the attack.

What the authority found

The Spanish DPA ruled that the company did not implement necessary security measures, violating GDPR's requirement for data protection.

Why this matters

This case highlights the importance of robust security practices for all businesses. Companies must ensure they have adequate protections in place to avoid similar penalties.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1) f) GDPR

Original data from scraper before AI verification against source document.

Source verified 13 March 2026
date discrepancy
Spain enforcementAgencia Española de Protección de Datos actionsAll CAJA RURAL DE ASTURIAS, S.C.C. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on CAJA RURAL DE ASTURIAS, S.C.C.. The controller had suffered a cyber attack in which the attackers were able to access customer data due to a security vulnerability in its systems. The DPA found that the company had failed to implement the necessary security measures that could have prevented such an incident. The original fine of EUR 15,000 was reduced to EUR 12,000 due to voluntary payment.

Related Enforcement Actions (0)

No other enforcement actions found for CAJA RURAL DE ASTURIAS, S.C.C. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

17 January 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€12,000

Enforcement Tracker ID

ETid-2583

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. CAJA RURAL DE ASTURIAS, S.C.C. - Spain (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: