Xfera Moviles S.A. – €60,000 Fine (Spain, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Xfera Moviles S.A. mistakenly sent an SMS that allowed a person to access another customer's account. This error led to a fine because it exposed personal data without proper security measures. Companies should double-check communication systems to prevent such breaches.
What happened
Xfera Moviles S.A. sent an SMS that gave unauthorized access to another person's account.
Who was affected
The third party whose personal data and account information were accessed by mistake.
What the authority found
The Spanish data protection authority fined Xfera Moviles for not securing personal data adequately, as required by GDPR.
Why this matters
This incident underscores the need for companies to secure their communication channels to prevent unauthorized data access. Ensuring accurate data handling can help avoid breaches and penalties.
GDPR Articles Cited
An individual complainant had received an SMS from Xfera Móviles which was to be addressed to a third party and which allowed him to access the account and personal data of this third party on the Xfera Móviles website via the telephone number and password received by SMS.
Related Enforcement Actions (10)
Other enforcement actions involving Xfera Moviles S.A. in ES
Fine
€60K
Details
Fine Date
19 November 2019
Authority
Agencia Española de Protección de Datos
Fine Amount
€60,000
Enforcement Tracker ID
ETid-119
About this data
Cite as: Cookie Fines. Xfera Moviles S.A. - Spain (2019). Retrieved from cookiefines.eu
Last updated: