Asefa, the Madrid-based subsidiary of France’s leading mutual insurer SMABTP, has confirmed a cyber incident that interrupted part of its IT infrastructure. The disclosure follows a claim by the Qilin ransomware syndicate that it has exfiltrated over 200 gigabytes of sensitive data from the company.
Although Asefa insists that its core insurance operations remain unaffected, the breach has cast a spotlight on growing cybersecurity vulnerabilities within the European insurance sector, particularly those with complex international footprints.
Qilin - a ransomware group known to have targeted more than 300 organisations globally in the last 12 months - has listed Asefa on its dark web leak portal. Files purportedly obtained during the breach include internal corporate documents, financial receipts, legal agreements, passport scans, and notably, details of a major insurance programme linked to the redevelopment of FC Barcelona’s Camp Nou stadium.
Asefa responded to the breach via a public notice on its website, which has since been taken offline for security reviews. In the message, the company expressed gratitude to clients for their patience and confirmed that staff had regained access to internal communication systems. However, it noted that full digital functionality would remain suspended pending a complete cybersecurity audit.
Researchers at Cybernews who analysed samples of the leaked files warned of the potential implications for identity theft, contractual fraud, and corporate espionage. The leak of documents related to a high-profile client such as FC Barcelona adds further reputational risk and could expose operational sensitivities if the authenticity of the data is confirmed.
SMABTP, founded in 1859 and headquartered in Paris, is a mutual insurance group specialising in construction and liability cover. It has expanded its presence across Europe through acquisitions and local partnerships, including its 1989 purchase of Asefa, which leads Spain’s construction defects insurance market. The parent group reported revenues exceeding €4.3 billion in its most recent filings.
The incident underlines the growing menace posed by ransomware groups operating across borders, often targeting firms with valuable infrastructure or industry-specific data. Qilin, active since 2022, has escalated its operations in 2025, with April alone seeing 68 new entities added to its list of victims.
This attack marks one of the most high-profile cyber breaches involving an insurer in southern Europe this year and is likely to raise questions among regulators and clients alike about how sensitive client data - especially linked to strategic infrastructure projects - is secured.
Insurers across the Continent are expected to review their risk exposure and reassess their own cyber insurance arrangements as a result.
