Spain Spain

ALÍA GESTIÓN INTEGRAL DE SERVICIOS, S.L.

150,000 €

GDPR enforcement action by Spanish Data Protection Authority (aepd) on 2026-03-20.

Rank · Sector
#72
of 599 in Industry and Commerce
Rank · Spain
#88
of 1,078
Rank · All fines
#420
of 3,059

Case details

Authority
Spanish Data Protection Authority (aepd)
Date
2026-03-20
Controller / Processor
ALÍA GESTIÓN INTEGRAL DE SERVICIOS, S.L.
Sector
Industry and Commerce
Quoted Articles
Art. 5 (1) f) GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

The Spanish DPA has imposed a fine of EUR 150,000 on ALÍA GESTIÓN INTEGRAL DE SERVICIOS, S.L. The controller suffered a data breach due to a ransomware attack, affecting 77,027 individuals. The attack probably occurred because attackers compromised VPN user credentials and a digital certificate to gain remote access to the internal network. The original fine of EUR 250,000 was reduced to EUR 150,000 due to immediate payment and admission of responsibility by the controller.

Open original source Links to the regulator's original publication or another source.

Related fines