Spanish amusement park giant hit with cyberattack

A Spanish amusement park company with businesses around the globe is investigating a cyberattack after a ransomware group claimed to have stolen sensitive information.

Parques Reunidos Group runs more than 60 water and amusement parks, zoos, aquariums and entertainment centers across Europe, the United States, the United Arab Emirates and Australia. The company brings in hundreds of millions of dollars each year and welcomes more than 22 million people to its parks annually.

The BianLian ransomware group said on March 3 it had launched the attack and stole employee information, including passport details, as well as information on the company's partners, data on park-related incidents, financial records, internal emails and legal documents.

BianLian has targeted the healthcare, education, insurance and media industries since at least December 2021. Little is known about where the group is based.

Parques Reunidos did not respond to requests for comment about whether the attack had affected its operations, but in a statement on their website, it admitted that they “have been subjected to an unauthorized external access” to its computer systems.

The Spanish Data Protection Authority and law enforcement agencies were contacted about the incident.

When the company’s IT team discovered the attack,it attempted to contain the damage, hired cybersecurity experts to investigate the incident and shut down affected systems. The team also blocked “users with affected information systems” and remote access connections, isolating its data center, and changed all passwords that allowed employees to access information systems.

“Additionally, the following measures are also going to be taken: extraordinary awareness and training actions, implementation of conditional access for certain accounts to ensure only internal access, and planning actions to increase the number of sources reporting to the log event collector (SIEM) and the number of licenses with enhanced security measures,” the company said.

“We continue with forensic investigations into our systems and are committed to taking action to further boost our cybersecurity safeguards as appropriate.”

The company urged customers or employees to contact a the company’s data protection officer if they discover that their personal data is being misused or if they see “phishing or spamming campaigns from Parques Reunidos.”