Cyber Incident Victim: Parques Reunidos Group
Date:
Mar 2023
Location:
Spain
Summary
Parques Reunidos Group, a global operator of amusement parks and entertainment venues, experienced a cyberattack by the BianLian ransomware group, leading to unauthorized access to sensitive data including employee passport details, partner information, financial records, and internal communications. The company isolated affected systems, reset access credentials, engaged cybersecurity experts for forensic analysis, and notified Spanish authorities along with law enforcement. Mitigation efforts included plans to enhance security through staff training, conditional access controls, and expanded monitoring via a SIEM system. Affected individuals were advised to report any misuse of personal data or fraudulent communications impersonating the organization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The BianLian ransomware group claimed responsibility for a cyberattack against Parques Reunidos Group on March 3, 2023, alleging unauthorized access to the Spanish amusement park operator's systems and theft of sensitive data. The company, which operates over 60 amusement parks, zoos, and entertainment centers across Europe, North America, the Middle East, and Australia, confirmed through a public statement that it had experienced unauthorized external access to its computer systems but did not disclose operational impacts. BianLian asserted theft of employee information including passport details, partner data, park incident reports, financial records, internal emails, and legal documents. The company's IT team discovered the intrusion and initiated containment measures by shutting down affected systems and blocking remote access connections. They isolated the data center infrastructure, revoked compromised user credentials, and mandated password resets across all information systems. Cybersecurity forensic experts were engaged to investigate the breach's scope and methodology.
Parques Reunidos reported the incident to Spain's Data Protection Authority and law enforcement agencies, though no ransom demands or payment negotiations were disclosed. Planned remediation included enhanced employee cybersecurity training, implementation of conditional access controls to restrict internal-only system access, and expansion of security information and event monitoring (SIEM) capabilities through additional data sources and license upgrades. The company advised customers and employees to monitor for phishing or spamming campaigns impersonating the organization and to contact their data protection officer regarding potential misuse of personal information. Internal forensic investigations remained ongoing, with commitments to bolster cybersecurity safeguards based on findings. No further details regarding data volume, operational disruptions, or financial impact were provided in available statements.