Pyrénées Group Confirms Ransomware Attack Exposed Customer Data
Andorra's largest shopping centre operator reveals cyber breach leaked names, emails, and some IBANs; threat contained without ransom payment.
Key Points
- Ransomware breached internal records, exposing names, emails, and some IBANs; access keys/PINs secure.
- Threat contained by cybersecurity experts; no ransom paid, no fraud detected yet; linked to Akira group.
- Notified Andorran Data Protection Agency, cybersecurity agency, and police; enhanced security implemented.
- Customers report payment delays; urged to check statements and beware phishing.
**Pyrénées Group confirms ransomware attack exposed customer data including names, emails, and some IBANs**
Andorra's Pyrénées Group, which runs the largest shopping centre on Avinguda Meritxell, has confirmed that a ransomware cyberattack last week allowed unauthorised access to certain internal records and customer information. The breach potentially exposed names, email addresses, and in some instances payment details such as IBANs, though access keys and PIN codes remained secure.
In a statement to affected customers, particularly payment card holders, the company reported that cybersecurity specialists contained the threat, investigated its source, and restored full operations. No ransom was paid, and to date there are no signs of fraudulent use of the leaked data. Sources link the incident to the Akira ransomware group, which targeted a major Andorran tech firm 18 months earlier, though no connection has been confirmed.
Response protocols activated from early Friday, with immediate notifications to the Andorran Data Protection Agency (APDA), National Cybersecurity Agency (ANC-AD), and police Technological Crimes Unit. The group maintains ongoing contact with authorities and states that systems now operate normally with enhanced security measures.
Pyrénées urges customers and suppliers to check bank statements for unusual activity, stay wary of suspicious messages, avoid sharing personal information without verification, and not open links or attachments from unknown sources. Support is available via the data protection officer at dpo@pyrenees.ad or customer service. The company expressed regret for any inconvenience and reaffirmed its commitment to data protection standards.
Some customers continue to report payment issues, including delays in promised invoice links. Owners of a Spanish company, whose vehicle was held at the centre's workshop amid the outage, described ongoing glitches. They learned of the cyberattack through media reports after staff initially blamed a routine technical fault. "It's a disgrace that after a week they finally tell us what's happening," they said, voicing anxiety over exposed sensitive data despite official assurances.
Original Sources
This article was aggregated from the following Catalan-language sources:
- Diari d'Andorra•
Alerta als clients de Pyrénées per un ciberatac a l’empresa
- El Periòdic•
Dades exposades i responsabilitats pendents
- Altaveu•
El centre comercial 'ciberatacat' recupera l'operativa "amb seguretat" però admet fuita de dades
- Diari d'Andorra•
Pyrénées recomana els clients que comprovin els moviments bancaris pel ciberatac que va patir
- El Periòdic•
Pyrénées admet que el ciberatac ha pogut exposar dades personals dels clients i alguns comptes bancaris