Threat actor claim to have gained administrative access to the company’s Remote Desktop Protocol (RDP), which generates over 6 million euros in annual turnover. This breach has exposed sensitive data belonging to millions of individuals and entities, encompassing various municipalities, private enterprises and individuals with details ranging from bank information to street addresses, identity documents, insurance policies, and employment records.
Allegedly, Among the entities potentially impacted by this breach is the Spanish branch of BMW BANK, which stores extensive databases containing their client and insurance information. It is believed that the cyber attackers now possess the capability to access and manipulate these databases. Furthermore, they have demonstrated the ability to retrieve financial receipts, facilitate returns, and extract data into Excel spreadsheets through the company’s administrative accounts