
Cyber Incident Victim: Sercom Informatica SL

Date: Sep 2022

Location: Spain

Summary

A cyber incident involving Sercom Informatica SL resulted in the exposure of sensitive customer data, including credentials and internal information from entities such as Hospital Puigcerda, after the company was listed on Sparta Blog's leak site. Concurrently, the hacktivist group Guacamaya leaked thousands of emails from military and police organizations across multiple Latin American countries, prompting governmental investigations into potential security breaches. Separately, the Everest ransomware group offered network access to Argentina's Ministry of Economy for sale, though the ministry had not confirmed unauthorized access despite initiating criminal and internal inquiries. These incidents collectively highlighted compromises affecting both private and public sector entities, with data exfiltration and unauthorized access claims circulating in cybercriminal forums.

Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 3 actors

Description

In late September 2022, Sercom Informatica SL, an IT services provider, became implicated in a cybersecurity incident when the threat actor Sparta Blog listed the company on their leak site. Sparta Blog published samples of files allegedly exfiltrated from Sercom’s customers, including Hospital Puigcerda. The leaked data, though described as a small sample, contained sensitive information such as internal IP addresses, plaintext passwords, domain and subdomain details, and IT staff email addresses. This breach exposed critical infrastructure credentials and authentication mechanisms, potentially compromising the security of affected systems. The incident’s timing coincided with broader regional cyber activity, including the Guacamaya hacktivist group’s leak of 10TB of emails from military and police entities across Chile, Mexico, Colombia, Peru, and El Salvador under "Operation Repressive Forces." While these parallel incidents involved government entities, Sercom’s breach centered on its private-sector clientele, highlighting vulnerabilities in third-party IT service providers.

Following Sparta Blog’s disclosure, DataBreaches.net attempted to verify the incident’s impact by contacting Hospital Puigcerda to inquire about their awareness of the attack and whether their data had been compromised. No response was received from the hospital, leaving their official stance unconfirmed. Concurrently, DataBreaches sought additional details from Sparta Blog but received no reply regarding their claims or motives. The absence of public statements from Sercom Informatica SL or its affected clients limited visibility into containment measures or forensic investigations. The exposed credentials and network information created immediate risks of unauthorized access or follow-on attacks against Hospital Puigcerda’s systems. This incident underscored the cascading risks posed by supply-chain compromises, where a single service provider’s breach could endanger multiple downstream organizations. The lack of corroborating details from involved parties left the full scope of data exfiltration and operational disruption unresolved in public reporting.
