Asemas, a prominent Spanish mutual insurance company, has allegedly become the victim of a significant data breach. A threat actor has posted on a dark web forum claiming to be in possession of a database containing 11 million records belonging to the insurer. The post, which appeared on June 26, 2025, offers the entire database for sale and includes a sample of the data to seemingly validate their claims.
Founded in 1983, Asemas is a key provider of professional civil liability insurance for architects and other professionals within the Spanish construction sector. The company insures both individuals and businesses, making the scope of the alleged breach particularly concerning for this professional community. The origin of the data appears to be a direct compromise of the company’s customer and company databases.
The compromised data allegedly contains a vast amount of sensitive personal and financial information. If the claims are verified, this incident could expose the victims to a high risk of fraud, identity theft, and targeted phishing attacks. The following information is allegedly included in the leaked database:
- Customer ID
- Full Name
- Date of Birth
- National ID
- Customer Type
- Address
- Postal Code and City
- Phone Number
- Email Address
- IBAN (International Bank Account Number)
- Payment Method
