Cyber Incident Victim: Spain

On July 22, 2024, a cyberattack disrupted access to municipal websites across Mallorca, Spain, affecting all 37 official sites belonging to island communities. The attack prompted the Island Council (Inselrat) to proactively take the affected websites offline as a security precaution. Initial analysis indicated that attackers attempted to overwhelm at least one municipal website by generating an abnormally high volume of access requests, a technique consistent with distributed denial-of-service (DDoS) disruptions. Specific communities impacted included Manacor and Santanyí, though all municipalities relying on the centralized web infrastructure experienced service interruptions. The council's intervention caused extended downtime, preventing residents and visitors from accessing official information portals throughout the attack window. No data breach or system compromise was reported in available sources, with the primary disruption being availability-related.

By July 23, 2024, technical teams restored full access to all 37 municipal websites following mitigation efforts by the Island Council. The resolution occurred within approximately 24 hours of the initial disruption, though the exact remediation methods employed were not detailed in public reports. Service restoration eliminated the immediate operational impact on municipal communications, though the incident highlighted vulnerabilities in the shared web infrastructure. No collateral damage to other government systems or third-party platforms was disclosed. The council maintained operational control throughout the incident, implementing takedown and restoration actions without external assistance claims. Public reporting confirmed functional recovery but did not specify whether attribution efforts identified the perpetrators or whether additional security measures were implemented post-incident.