Santalucía has confirmed a cybersecurity incident that allowed unauthorized access to personal data of clients linked to insurance policies. The intrusion into the insurer's systems was detected on May 1st and the company assures that it was able to contain it without interrupting normal operations or critical systems.
The technical scope of the attack remains unclear, but the company has detailed that the attackers accessed names and surnames, postal addresses, telephone numbers, email addresses, and national identity documents. At the same time, it has not revealed how many clients have been affected or the intrusion method used.
Santalucía notified the AEPD of the attack and warned exposed clients
After detecting the intrusion, the insurer activated its Contingency Plan and reported the incident to the Spanish Data Protection Agency, the Directorate-General for Insurance, and the State Security Forces and Corps.
In addition, the company has already contacted the affected clients to warn them of possible fraud attempts resulting from the exposure of their data. The recommendation is to exercise extreme caution with suspicious calls, SMS messages, or emails that impersonate the company to obtain sensitive information.
For now, Santalucía maintains that banking data, passwords, or access credentials have not been compromised. This detail limits the type of information stolen, although it does not eliminate the risk of impersonation campaigns based on personal and contact data.
The insurance sector has already experienced several attacks with data theft
The breach occurs in a context of increasing pressure on insurers. In April, an incident at Helvetia Caser became known, while a year ago the ransomware group Qilin attacked Asefa and extracted 210 GB of data.
Allianz Life also suffered a data theft of clients in April of last year. The repetition of these episodes confirms the interest of cybercriminals in a sector that concentrates large volumes of personal information, medical histories, financial data, and legal documentation.
To date, the perpetrator of the attack against Santalucía has not been identified, no group has claimed responsibility, and no publications of the stolen data have been found on dark web forums.