• Home
  • cyber
  • Telefónica Móviles: Telefónica Móviles fined €300,000 for GDPR data breach in Spain
cyber Breach

Telefónica Móviles: Telefónica Móviles fined €300,000 for GDPR data breach in Spain

Dec 22, 2025 1 min read
Telefónica Móviles: Telefónica Móviles fined €300,000 for GDPR data breach in Spain

**Movistar Fined €300,000 for GDPR Violation in Spain**

On December 22, 2025, Spain’s Data Protection Agency (AEPD) imposed a €300,000 fine on Telefónica Móviles, operating as Movistar, for violating the EU’s General Data Protection Regulation (GDPR). The penalty stems from the unlawful processing of personal data during a mobile phone line transfer, where customer information was mishandled.

The AEPD ruled that Movistar failed to comply with GDPR requirements, though the company has one month to appeal the decision. The case highlights ongoing regulatory scrutiny over telecom providers’ data handling practices under EU privacy laws. Full details of the ruling are available in the attached decision (in Spanish).

Source: https://www.mlex.com/articles/2424538/telef-nica-m-viles-fined-300-000-for-gdpr-data-breach-in-spain

Telefónica cybersecurity rating report: https://www.rankiteo.com/company/telefonica

"id": "TEL1766404766",
"linkid": "telefonica",
"type": "Breach",
"date": "12/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Telecommunications',
                        'location': 'Spain',
                        'name': 'Telefónica Móviles (Movistar)',
                        'type': 'Telecommunications'}],
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (GDPR-protected data)',
                 'type_of_data_compromised': 'Personal data'},
 'date_publicly_disclosed': '2025-12-22',
 'description': 'Telefónica Móviles, operating under the brand name Movistar, '
                'was fined €300,000 for breaching the EU’s GDPR data '
                'protection rules. The fine was imposed due to unlawful '
                'processing of data when an individual’s mobile phone line was '
                'changed.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'GDPR violation',
            'data_compromised': 'Personal data processed unlawfully during '
                                'mobile phone line changes',
            'financial_loss': '€300,000',
            'legal_liabilities': 'Regulatory fine imposed'},
 'investigation_status': 'Completed (decision issued)',
 'post_incident_analysis': {'root_causes': 'Unlawful processing of personal '
                                           'data during mobile phone line '
                                           'changes'},
 'references': [{'date_accessed': '2025-12-22', 'source': 'MLex'}],
 'regulatory_compliance': {'fines_imposed': '€300,000',
                           'legal_actions': 'Decision can be appealed within '
                                            'one month',
                           'regulations_violated': ['GDPR'],
                           'regulatory_notifications': 'Spanish Data '
                                                       'Protection Agency'},
 'title': 'Telefónica Móviles (Movistar) GDPR Violation Fine',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.