Cyber Incident Victim: Estrella Damm
Date: Nov 2021
Location: Spain
Summary
A cyber-attack targeting a major Spanish brewery caused temporary production halts across its facilities, with the primary plant paralyzed for two hours before partial operations resumed. The incident, described as highly complex, disrupted computer-driven bottling processes but did not impact deliveries due to sufficient existing stock. Full recovery was anticipated shortly, though the company did not disclose attack specifics or whether a ransom was involved. The brewery activated emergency protocols and resumed normal production levels following the attack, which occurred during a lower-demand period, averting more severe supply chain consequences.
Description
On November 9, 2021, Spanish brewery Sociedad Anónima Damm suffered a cyber-attack that disrupted operations across its production facilities. The incident, described by the company as "highly complex," temporarily halted manufacturing at all breweries, with the most significant impact occurring at Damm’s primary El Prat de Llobregat plant near Barcelona. This facility, employing approximately 500 workers and producing 7 million hectoliters of beer annually, experienced a complete two-hour operational paralysis according to communications head Olga Vidal. The attack specifically targeted computer systems essential to automated bottling processes, forcing production stoppages. While smaller breweries in Murcia and Alicante were also affected, recovery timelines varied, with El Prat being the slowest to resume operations. Initial statements to the Ara newspaper characterized the event as a "computer incident in the operating system" under active investigation. Company representatives emphasized that pre-existing inventory levels prevented immediate disruption to distribution channels, allowing Damm to fulfill all delivery commitments to commercial clients during the outage period.

Damm activated its emergency response plan immediately following the detection of the intrusion, focusing on containment and restoration efforts. IT teams achieved partial production resumption within days, with Vidal announcing expectations of full operational recovery "in the coming hours" during her November 12 Reuters interview. The company declined to specify whether ransomware was involved or if any ransom demands were made, maintaining confidentiality around both the attack methodology and resolution strategy. Internal sources indicated the timing prevented more severe consequences, noting that an attack during the summer months would have caused greater disruption, because inventory buffers are reduced to approximately three days during peak demand seasons. The incident concluded without reported data breaches or permanent operational damage, though restoration work continued through the week following the attack. This cyber incident occurred shortly after a confirmed ransomware attack targeting the nearby Autonomous University of Barcelona in October 2021, though no direct connection between the two events was established in available reporting.
