Cyber Incident Victim: GSS

On September 18, 2021, the Conti ransomware gang attacked GSS, the Spanish and Latin American division of Covisian, one of Europe’s largest customer care providers. The attack crippled a significant portion of GSS’s IT infrastructure, freezing systems and disrupting automated customer support phone services across Spain and Latin America. This led to widespread outages affecting critical clients, including Vodafone Spain, MasMovil ISP, Madrid’s water supply company, and several television stations and private businesses. GSS described the attack as “inevitable/unavoidable” in a customer notification but provided no clarification for this characterization. The company immediately took all compromised internal systems offline and transitioned to Google-based alternatives to maintain partial operations. No applications reliant on the affected infrastructure were functional during the incident, and GSS did not specify a timeline for full restoration.

Covisian confirmed the ransomware attack’s confinement to GSS’s network, assuring customers that its other European operations remained unaffected. Despite Conti’s reputation for data exfiltration, Covisian stated there was no evidence of personal data leakage or impact on customer systems. The incident paralyzed call centers for days, leaving organizations dependent on GSS unable to provide standard customer service. Spain’s National Institute of Cyber-Security (INCIBE) did not publicly comment on the breach. The attack mirrored a recent ransomware incident targeting TTEC, a U.S.-based customer support provider, highlighting a pattern of threats against call center infrastructure. GSS’s reliance on alternative systems underscored the operational severity of the disruption, though the company avoided disclosing technical details about the attack vector or recovery progress.