Andorra's largest shopping centre operator acknowledges data breach from Akira ransomware, with no evidence
of fraud but customer frustration over delayed disclosure.
Key Points
- Ransomware breach exposed client names, emails, and IBANs; no PINs or access keys compromised.
- Linked to Akira group; no ransom paid, threat contained with expert help.
- Notified APDA, ANC-AD, police; systems fully restored with enhanced security.
- Customers upset over week-long delay in disclosure and ongoing service issues.
**Pyrénées Group confirms ransomware cyberattack exposed client names, emails, and IBANs**
Andorra's Pyrénées Group, operator of the country's largest shopping centre on Avinguda Meritxell, has acknowledged that a ransomware attack last week allowed unauthorised access to internal data and personal details of certain customers, including names, email addresses, and in some cases bank account numbers such as IBANs.
The company detailed the breach in a statement sent to affected clients, especially payment card holders. Cybersecurity experts' investigations confirmed the intrusion but found no compromise to access keys or PIN codes. To date, Pyrénées reports no evidence of fraudulent activity involving the exposed information. The incident, linked by sources to the Akira group—previously responsible for targeting a leading Andorran tech provider 18 months ago—prompted immediate activation of response protocols from early Friday. No ransom was paid, and experts helped contain the threat, trace its origin, and restore operations.
Systems and services have returned to full normalcy with bolstered security, the group stated. It notified the Andorran Data Protection Agency (APDA), National Cybersecurity Agency (ANC-AD), and police Technological Crimes Unit right away, and remains in contact with them.
Pyrénées advised clients and suppliers to monitor bank statements for irregularities, ignore suspicious messages, refrain from sharing personal details without verification, and avoid clicking unknown links or attachments. Assistance is offered through the data protection officer at dpo@pyrenees.ad or customer service.
Customer frustration persists over the handling and delayed disclosure. Owners of a Spanish firm, whose vehicle was stuck in the centre's workshop due to the outage, said they learned of the cyberattack via media after staff cited a routine technical issue. "It's a disgrace that after a week they finally tell us what's happening," they told El Periòdic. They remain anxious about exposed sensitive data despite assurances, noting promised payment links for outstanding bills have yet to arrive, suggesting ongoing glitches.
Original Sources
This article was aggregated from the following Catalan-language sources:
- El Periòdic•
Dades exposades i responsabilitats pendents
- Altaveu•
El centre comercial 'ciberatacat' recupera l'operativa "amb seguretat" però admet fuita de dades
- Diari d'Andorra•
Pyrénées recomana els clients que comprovin els moviments bancaris pel ciberatac que va patir
- El Periòdic•
Pyrénées admet que el ciberatac ha pogut exposar dades personals dels clients i alguns comptes bancaris