Cyber Incident Victim: Palma

On July 23, 2024, the websites of 37 municipalities on Mallorca became inaccessible following a confirmed cyberattack targeting their online infrastructure. The Inselrat (island council) proactively disabled all affected sites as a precautionary containment measure after detecting malicious activity, though the exact time of initial compromise remains unspecified in available reporting. This disruption impacted critical municipal digital services across the island, including prominently cited communities such as Manacor and Santanyí. The coordinated takedown affected every participating local government portal simultaneously, indicating centralized hosting or shared technical infrastructure. No data breaches, ransomware notes, or secondary attack vectors were disclosed in initial assessments. Service interruptions persisted for at least one full day prior to restoration efforts, though the precise duration of total downtime per municipality was not quantified.

Technical recovery operations concluded successfully on July 23, with all 37 websites fully restored to public accessibility by the date of reporting. Analysis indicated attackers attempted to overwhelm at least one municipal site through volumetric traffic surges—a tactic consistent with Distributed Denial-of-Service (DDoS) attacks—though the specific target(s) and attack scale were not disclosed. The Inselrat maintained operational control throughout the incident, implementing defensive measures without external crisis response teams or law enforcement acknowledgments in cited sources. No residual threats or persistent vulnerabilities were reported post-restoration. Municipalities resumed standard operations with no cited financial losses, data integrity issues, or secondary service disruptions beyond the initial takedown period.