Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Angola: APD fines the National Electricity Distribution Company $225,000 following ransomware attack

On July 19, 2024, the National Data Protection Agency (APD) announced that had it issued a decision in which it fined the National Electricity Distribution Company, ENDE-EP, $225,000 for violations of Law No. 22/11 on the Protection of Personal Data.

Background

The APD stated that its decision followed a ransomware attack on September 18, 2023. The APD stated that the cyberattack resulted in the encryption, unavailability, and unauthorized access by the attackers to data, namely to include:

  • telephone contact numbers;
  • addresses;
  • georeferenced locations; and
  • personal identification information (full names, dates of birth, parentage, addresses, Identity Card numbers, and Tax Identification Numbers).

Findings of the APD

The APD sanctioned the National Electricity Distribution Company for failing to comply with the duty to implement appropriate technical and organizational measures to protect the personal data of its customers and employees against the ransomware attack.

Outcome

In light of the above, the APD fined the National Electricity Distribution Company the equivalent of $225,000.

You can read the decision, only available in Portuguese, here.