The Spanish Consumer Organization (Organización de Consumidores y Usuarios), a prominent consumer organization, has fallen victim to a significant cyberattack, compromising sensitive data. The breach exposed over 500 email credentials and passwords from internal accounts within the OCU. Additionally, confidential internal documents from the organization were also leaked, raising serious concerns about the security of its data. The leak was initially discovered in November when it was posted on BreachedForum, a notorious online forum known for malicious hacking activities.
The cybercriminals behind the attack claimed that the stolen data would not be sold, but would be published in 12 hours.
The OCU confirmed its awareness of the breach, stating that it adheres to strict data protection and security protocols. The organization conducted an internal assessment to determine whether the breach posed a risk to individuals’ rights and freedoms. Based on this evaluation, the OCU decided whether to notify Spain’s Data Protection Agency (AEPD) and any affected individuals.
In their official statement, the OCU emphasized that the leaked data primarily consisted of older internal information. The organization is currently investigating the breach, both independently and with potential support from authorities, to determine its origin. The hackers also referenced another Spanish hacktivist group, Los Pelaos Bro, suggesting potential links to a broader network of cybercriminals. This attack follows a pattern of cyber intrusions in Spain, where the OCU is believed to have suffered a previous breach, although this has not been fully confirmed.
This attack on the OCU highlights the increasing prevalence of cyberattacks in Spain, particularly in 2024.
The National Cybersecurity Institute (INCIBE) reported a notable rise in cyber incidents, with 97,348 incidents managed in 2024, marking a 16.6% increase compared to the previous year. More than 32% of these incidents targeted organizations and businesses, including small and medium-sized enterprises (SMEs) and freelancers, emphasizing the growing threat posed by cybercriminals in both the private and public sectors.
Reference: