A significant data breach has allegedly struck the Spanish insurance sector, with threat actors claiming to have exfiltrated a database belonging to Seguros Bilbao, a subsidiary of the wider Occident insurance group. The breach was announced on a dark web forum, where a threat actor put a database containing the sensitive information of 842,000 Spanish citizens up for sale. Seguros Bilbao is a major player in the Spanish insurance market, offering a wide range of products including car, home, life, and health insurance. The company has a long-standing history and a substantial customer base across the country, making this alleged leak a serious concern for a vast number of individuals.
The origin of the data appears to be a customer database from the Bilbao region. The threat actor behind the sale has provided a sample of the data to substantiate their claims, revealing a highly detailed and sensitive collection of personal and financial information. The exposure of such comprehensive data could lead to a wide range of malicious activities, including identity theft, sophisticated phishing campaigns, and financial fraud against the individuals whose information has been compromised. The incident highlights the ever-present threat of cyberattacks against financial institutions and the critical need for robust security measures to protect customer data.
The compromised data allegedly includes a wide array of personally identifiable information and financial details. The full list of leaked data fields is as follows:
- ID
- DNI (National Identity Document)
- Full Name
- Commercial Name
- Home Address
- Municipality
- Province
- Postal Code
- Country Code
- Country Name
- Phone Number 1
- Phone Number 2
- Email Address
- Payment Method Code
- Payment Method Description
- Currency Code
- Currency Description
- Bank Entity Code
- Bank Branch Code
- Bank Account Number
- Bank Name
- IBAN
