Spanish Insurer Asefa Targeted in Major Ransomware Leak by Qilin Group
The Qilin ransomware gang has claimed responsibility for a large-scale data breach affecting Asefa, the Spanish subsidiary of French insurance group SMABTP. The gang posted the stolen data—reportedly totaling 210GB—on its dark web leak site earlier this week.
Asefa has confirmed it is dealing with a cyberattack but has not directly linked the incident to Qilin. The company’s website currently features a notice acknowledging the breach:
“We want to sincerely thank you for the patience, understanding, and trust you have shown us during these difficult days following the cyberattack that has affected part of our systems.”
While the attack has disrupted access to certain systems, Asefa stated that core business functions remain unaffected. Email access for staff has been restored, though the website will remain down until security is fully reestablished.
Data Leak Includes FC Barcelona Stadium Insurance Files
Cybernews researchers reviewed samples of the leaked data and confirmed it includes:
- Internal corporate documents
- Legal agreements
- Passport copies
- Receipts
Among the most notable revelations is what appears to be an insurance program for the reconstruction of FC Barcelona’s Camp Nou stadium. Cybernews analysts said the exposure of such documents may present serious risks:
“Exposed sensitive documents, like passports and internal agreements, pose serious risks of identity theft or fraud and possibly corporate espionage – especially alarming is the leaked FC Barcelona insurance schedule, which could expose financial or operational vulnerabilities of a very high-profile client.”
Asefa and Parent Company SMABTP
Asefa is owned by SMABTP, a major French insurance group with annual revenues reported at over $4.6 billion. The parent company has not issued a public statement about the breach so far.
Qilin Ransomware’s Expanding Activity in 2025
Qilin has been steadily expanding its ransomware operations. While active since 2022, the group significantly increased attacks in 2025, targeting 68 organizations in April alone. According to Cybernews’ Ransomlooker tracking tool, Qilin is believed to have compromised at least 344 entities in the last 12 months.
Earlier this year, Qilin gained attention after an attack on SK Group, a global energy and manufacturing conglomerate.
