Centros comerciales Carrefour S.A. – No Violation (Spain, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Carrefour experienced a cyberattack, but Spain's data protection authority found no illegal access to their systems. They were instructed to improve their security measures to prevent future incidents. This case highlights the importance of robust cybersecurity for businesses.
What happened
Carrefour suffered a cyberattack where an attacker used external databases to access their system.
Who was affected
Carrefour's information system and potentially its users were affected by the cyberattack.
What the authority found
The AEPD found no evidence of illegal access but required Carrefour to enhance its security measures.
Why this matters
This case underscores the need for businesses to continuously update their security protocols to protect against evolving cyber threats. It serves as a reminder that even without a breach, companies must ensure their systems are resilient.
GDPR Articles Cited
The AEPD received a data breach notification sent by Centros comerciales Carrefour S.A. (Carrefour) in which they inform having suffered from a cyberattack. Thus, the AEPED carried out an investigation. Th AEPD found there was no evidence showing illegal access to the Carrefour information system. Also, it issued that the attacker obtained the user code and password to access to Carrefours' information system through external fraudulent databases. The use of this database allowed the attacker to act without being detected by the security measures that Carrefour had implemented so far. However, the AEPD found that Carrefour has to implement suitable and appropriate measures to avoid such incidents. Consequently, Carrefour has been ordered to update its internal digital process to avoid as many vulnerabilities as possible. Finally, the AEPD considered that Carrefour is the responsible entity and is needs to ensure compliance with the GDPR.
Outcome
No Violation
The DPA investigated and found no violation.
Related Enforcement Actions (0)
No other enforcement actions found for Centros comerciales Carrefour S.A. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Centros comerciales Carrefour S.A. - Spain (2019). Retrieved from cookiefines.eu
Last updated: