SERVICIOS FINANCIEROS CARREFOUR, E.F.C. – €1,500,000 Fine (Spain, 2025)

€1,500,000Agencia Española de Protección de Datos17 September 2025Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

SERVICIOS FINANCIEROS CARREFOUR was fined €1,500,000 after a cyberattack exposed their weak security measures. The company admitted responsibility and received a reduced fine from the original €2,500,000. This case serves as a critical reminder for businesses to strengthen their cybersecurity to protect customer data.

What happened

SERVICIOS FINANCIEROS CARREFOUR suffered a cyberattack due to inadequate security measures.

Who was affected

Customers whose personal data was compromised during the cyberattack.

What the authority found

The Spanish data protection authority determined that the company failed to implement sufficient technical and organizational measures to protect personal data.

Why this matters

This ruling underscores the necessity for businesses to invest in robust cybersecurity practices. Companies must prioritize data protection to avoid significant fines and safeguard customer information.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(f) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll SERVICIOS FINANCIEROS CARREFOUR, E.F.C. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 1,500,000 on SERVICIOS FINANCIEROS CARREFOUR, E.F.C. The controller suffered a successfull cyberattack due to insufficient technical and organisational measures. The original fine of EUR 2,500,000 was reduced to EUR 1,500,000 due to immediate payment and admission of responsibility by the controller.

Related Enforcement Actions (0)

No other enforcement actions found for SERVICIOS FINANCIEROS CARREFOUR, E.F.C. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

17 September 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€1,500,000

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. SERVICIOS FINANCIEROS CARREFOUR, E.F.C. - Spain (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: