Madrid, Spain — Asefa, the Madrid-based arm of French mutual insurance giant SMABTP, has confirmed a cyberattack that disrupted part of its IT systems. The incident follows claims by the Qilin ransomware group that it has stolen over 200 gigabytes of sensitive data from the company.
Core Insurance Services Unaffected, Says Asefa
In a public announcement, Asefa stated that its core insurance operations remain unaffected. However, the company acknowledged that internal communication systems were disrupted, and its website is currently offline for a security review.
“We appreciate our customers’ patience,” Asefa said in its statement, adding that full restoration of digital services will only occur after a comprehensive cybersecurity audit is completed.
Qilin Lists Asefa on Dark Web Leak Site
Qilin, a ransomware group active since 2022, added Asefa to its dark web leak portal, claiming access to internal files. The leaked documents allegedly include:
-
Internal corporate documents
-
Financial receipts and legal agreements
-
Scanned passports
-
Data tied to a major insurance program for FC Barcelona’s Camp Nou stadium reconstruction
Experts Warn of Severe Reputational and Security Risks
Cybersecurity researchers at Cybernews analyzed a sample of the leaked files. They warned the breach could result in identity theft, contract fraud, and corporate espionage. If the leaked FC Barcelona-related files are confirmed as genuine, the reputational damage could be significant and may reveal sensitive project details.
SMABTP: A Leader in Construction and Liability Insurance
SMABTP, founded in 1859 and headquartered in Paris, is a mutual insurance group specializing in construction and liability insurance. It expanded into Spain with the acquisition of Asefa in 1989, which now leads the Spanish market for construction defect insurance. The group recently reported revenues exceeding €4.3 billion.
Rise in Cross-Border Ransomware Threats
This incident underlines a broader cybersecurity crisis in the European insurance sector, especially for companies with international operations. Qilin, the ransomware group behind the attack, has been linked to over 300 global attacks in the past year. In April 2025 alone, it added 68 new victims to its list.
The group often targets firms with valuable infrastructure or high-stakes industry data. Experts believe its operations have become more aggressive in 2025.
Southern Europe’s Insurance Industry on Alert
The Asefa breach is among the most significant cyberattacks on a southern European insurer in 2025. It is expected to trigger regulatory scrutiny and force industry-wide discussions on data protection, especially for firms managing strategic infrastructure projects.
Analysts suggest that insurers across Europe may soon reassess their cybersecurity policies, review cyber insurance coverage, and strengthen safeguards for sensitive client data.
Related topics:
