Qilin Ransomware Group Strikes Major European Insurer, Leaking Sensitive Data Including FC Barcelona Project Details
The Qilin ransomware group, responsible for targeting over 300 organizations globally in the past year, has claimed responsibility for a cyberattack on Asefa, a Madrid-based subsidiary of France’s SMABTP, one of Europe’s leading mutual insurers. The breach, disclosed in April 2025, resulted in the exfiltration of over 200GB of sensitive data, including internal corporate documents, financial records, legal agreements, passport scans, and details of a major insurance program tied to FC Barcelona’s Camp Nou stadium redevelopment.
SMABTP, founded in 1859 and headquartered in Paris, specializes in construction and liability insurance, with Asefa leading Spain’s market for construction defects coverage. The parent company reported revenues exceeding €4.3 billion in its latest financial filings. Following the attack, Asefa acknowledged the incident in a now-removed public notice, confirming temporary disruptions to internal systems while assuring clients that core insurance operations remained intact. Full digital functionality was suspended pending a comprehensive cybersecurity audit.
Cybersecurity researchers at Cybernews warned that the leaked data could fuel identity theft, contractual fraud, and corporate espionage, particularly given the high-profile nature of the FC Barcelona project. The breach highlights the escalating threat posed by ransomware groups like Qilin, which has intensified its operations in 2025, adding 68 new victims in April alone.
This incident marks one of the most significant cyber breaches involving a European insurer this year, raising concerns among regulators and clients about the protection of sensitive infrastructure-related data. While Asefa maintains that its primary services were unaffected, the attack underscores growing vulnerabilities in the insurance sector, particularly for firms with expansive international operations. The fallout is expected to prompt insurers across Europe to reassess their cybersecurity measures and risk exposure.
ASEFA cybersecurity rating report: https://www.rankiteo.com/company/asefa-sma-sa
SMABTP cybersecurity rating report: https://www.rankiteo.com/company/groupesma
"id": "ASEGRO1769571259",
"linkid": "asefa-sma-sa, groupesma",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Insurance (Construction and Liability)',
'location': 'Madrid, Spain',
'name': 'Asefa',
'size': 'Large (parent company revenue: €4.3 billion)',
'type': 'Subsidiary'},
{'industry': 'Insurance',
'location': 'Paris, France',
'name': 'SMABTP',
'size': 'Large (revenue: €4.3 billion)',
'type': 'Parent Company'}],
'customer_advisories': 'Assurance that core insurance operations remained '
'intact',
'data_breach': {'data_exfiltration': 'Yes (200GB)',
'personally_identifiable_information': 'Passport scans',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Internal corporate documents',
'Financial records',
'Legal agreements',
'Passport scans',
'Insurance program details (FC '
'Barcelona Camp Nou project)']},
'date_publicly_disclosed': '2025-04',
'description': 'The Qilin ransomware group claimed responsibility for a '
'cyberattack on Asefa, a Madrid-based subsidiary of France’s '
'SMABTP, one of Europe’s leading mutual insurers. The breach '
'resulted in the exfiltration of over 200GB of sensitive data, '
'including internal corporate documents, financial records, '
'legal agreements, passport scans, and details of a major '
'insurance program tied to FC Barcelona’s Camp Nou stadium '
'redevelopment. The attack caused temporary disruptions to '
'internal systems while core insurance operations remained '
'intact.',
'impact': {'brand_reputation_impact': 'Raised concerns among regulators and '
'clients about data protection',
'data_compromised': 'Over 200GB of sensitive data',
'downtime': 'Temporary disruptions',
'identity_theft_risk': 'High (due to passport scans and sensitive '
'data)',
'operational_impact': 'Core insurance operations remained intact, '
'but full digital functionality was '
'suspended',
'systems_affected': 'Internal systems'},
'lessons_learned': 'The incident highlights escalating ransomware threats to '
'the insurance sector, particularly for firms with '
'international operations, and underscores the need for '
'enhanced cybersecurity measures.',
'motivation': 'Financial gain, data exfiltration',
'ransomware': {'data_exfiltration': 'Yes (200GB)',
'ransomware_strain': 'Qilin'},
'recommendations': 'Reassess cybersecurity measures and risk exposure, '
'enhance monitoring, and implement stronger data '
'protection protocols.',
'references': [{'source': 'Cybernews'}],
'response': {'communication_strategy': 'Public notice (now removed)',
'containment_measures': 'Full digital functionality suspended',
'remediation_measures': 'Comprehensive cybersecurity audit'},
'threat_actor': 'Qilin ransomware group',
'title': 'Qilin Ransomware Attack on Asefa, Leaking Sensitive Data Including '
'FC Barcelona Project Details',
'type': 'Ransomware'}