• Home
  • cyber
  • Décimas: Décimas fined €120,000 by Spanish watchdog after data breach
cyber Breach

Décimas: Décimas fined €120,000 by Spanish watchdog after data breach

May 5, 2026 1 min read
Décimas: Décimas fined €120,000 by Spanish watchdog after data breach

Décimas Fined €120,000 by Spanish Data Watchdog Over Customer Data Breach

On May 5, 2026, Spanish sportswear retailer Décimas was fined €120,000 by the country’s data protection authority following a breach that exposed customers’ ID numbers, gender, and email addresses. The regulator determined that Décimas failed to implement adequate security measures, leaving its systems vulnerable to exploitation by third parties who later sold the stolen data online.

The decision, published on May 4, 2026, criticized the company for both its initial lack of monitoring and its insufficient response after the breach occurred. The fine underscores the regulator’s stance on enforcing stricter data protection compliance, particularly in cases where preventable vulnerabilities lead to unauthorized data exposure. The full ruling is available in Spanish.

Source: https://www.mlex.com/mlex/articles/2473540/decimas-fined-120-000-by-spanish-watchdog-after-data-breach

Décimas TPRM report: https://www.rankiteo.com/company/decima

"id": "dec1777984502",
"linkid": "decima",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Sportswear',
                        'location': 'Spain',
                        'name': 'Décimas',
                        'type': 'Retailer'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'ID numbers, gender, '
                                                        'email addresses',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_publicly_disclosed': '2026-05-04',
 'description': 'Spanish sportswear retailer Décimas was fined €120,000 by the '
                'country’s data protection authority following a breach that '
                'exposed customers’ ID numbers, gender, and email addresses. '
                'The regulator determined that Décimas failed to implement '
                'adequate security measures, leaving its systems vulnerable to '
                'exploitation by third parties who later sold the stolen data '
                'online.',
 'impact': {'data_compromised': 'ID numbers, gender, email addresses',
            'financial_loss': '€120,000',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Fine imposed'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
 'investigation_status': 'Completed',
 'motivation': 'Data theft and sale',
 'post_incident_analysis': {'root_causes': 'Inadequate security measures and '
                                           'lack of monitoring'},
 'references': [{'source': 'Spanish Data Protection Authority Ruling'}],
 'regulatory_compliance': {'fines_imposed': '€120,000',
                           'regulations_violated': 'Spanish data protection '
                                                   'regulations'},
 'response': {'enhanced_monitoring': 'Insufficient'},
 'threat_actor': 'Third parties',
 'title': 'Décimas Fined €120,000 by Spanish Data Watchdog Over Customer Data '
          'Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Inadequate security measures'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.