Cyber Incident Victim: ASEFA
Date:
Jun 2025
Location:
Spain
Summary
Asefa, the Madrid-based subsidiary of France’s SMABTP, confirmed a cyber incident that disrupted part of its IT infrastructure after the Qilin ransomware group claimed to have exfiltrated over 200 gigabytes of sensitive data, including internal corporate documents, financial receipts, legal agreements, passport scans and details of an insurance programme linked to the redevelopment of FC Barcelona’s Camp Nou stadium. While the insurer said its core insurance operations remained unaffected and that email access had been restored, its website stayed offline pending a full security audit. Researchers warned the leaked material could enable identity theft, contractual fraud and corporate espionage, adding reputational risk given the high‑profile nature of the stolen stadium‑related files.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Asefa, the Madrid‑based subsidiary of France’s SMABTP, announced on 2 June 2025 that it had suffered a cyber incident that interrupted part of its IT infrastructure after the Qilin ransomware syndicate claimed to have exfiltrated over 200 gigabytes of sensitive data from the company. Although Asefa stated that its core insurance operations remained unaffected, the breach prompted the firm to take its public website offline for security reviews and to notify clients and mediators that staff had regained access to internal communication systems while full digital functionality remained suspended pending a complete cybersecurity audit. The notice, addressed to collaborators, thanked them for their patience and confirmed that the majority of services, including corporate email, had been restored and were operational for any management or query.
The data allegedly obtained by Qilin reportedly includes internal corporate documents, financial receipts, legal agreements, passport scans, and details of a major insurance programme linked to the redevelopment of FC Barcelona’s Camp Nou stadium. Researchers at Cybernews who analysed samples of the leaked files warned of potential implications for identity theft, contractual fraud, and corporate espionage, noting that the exposure of information tied to a high‑profile client such as FC Barcelona could increase reputational risk and reveal operational sensitivities if the data’s authenticity is confirmed. SMABTP, founded in 1859 and headquartered in Paris, is a mutual insurer specialising in construction and liability cover that acquired Asefa in 1989; Asefa leads Spain’s construction defects insurance market and the parent group reported revenues exceeding €4.3 billion in its most recent filings. Qilin, active since 2022, has escalated its activity in 2025, with 68 new victims added to its leak portal in April alone, and has listed more than 300 organisations globally over the past year.
In response to the incident, Asefa issued a public statement on its website expressing gratitude to clients for their patience and confirming that internal communication systems had been restored. The company indicated that it was working with the maximum dedication and all available means to restore normal operations as quickly as possible while prioritising security and service quality, and that it would continue to inform stakeholders of any developments. Access to the website remained temporarily closed until all tools and functionalities could be guaranteed as fully secure and operational. The notice concluded by reaffirming Asefa’s commitment to addressing any questions and maintaining transparency throughout the recovery process.