Cyber Incident Victim: Quálitas Compañía de Seguros

On August 1, 2024, Quálitas Compañía de Seguros, Mexico’s largest auto insurer, publicly disclosed through a filing with the Mexican Stock Exchange (BMV) that it had experienced a cybersecurity incident. The company detected the attack through its existing technology protocols, though specific technical details about the intrusion method or initial attack vector were not disclosed in regulatory communications. Quálitas immediately activated its incident response plan, engaging cybersecurity experts to assess the breach while maintaining normal business operations through established backup procedures. The insurer emphasized that policyholder services, including policy issuance and claims processing, continued without interruption during the investigation. No customer data compromise or financial system impacts were reported at the time of disclosure.

With 32.6% of Mexico’s auto insurance market and 5.6 million insured vehicles, Quálitas maintained 578 service offices and employed 6,814 workers as of Q2 2024, making the operational continuity during the incident critical. The company’s statement confirmed ongoing evaluation of the attack’s scope and potential implications, conducted in collaboration with external specialists under predefined response protocols. While the nature of compromised systems or data exfiltration attempts remained unspecified, the organization reiterated its focus on safeguarding client services throughout the forensic examination. No ransomware claims, threat actor attribution, or regulatory penalties were referenced in the initial disclosure. Quálitas concluded its update by reaffirming its commitment to maintaining service standards while continuing internal and external investigations into the breach.