Cyberattack on Real Sociedad results in heavy fine

The Spanish Data Protection Agency (AEPD) fined Real Sociedad €110,000 following a cyberattack in October 2023 that compromised the personal information of some 60,000 people. Thanks to a discount for early payment, the fine was reduced to €66,000.

This case is a reminder for Mexico, where organizations (including sports clubs and companies) handle highly sensitive information that requires robust protection.

Details of the cyberattack

On October 16, 2023, the club's virtual servers were encrypted with the “.akira” extension, linked to a dangerous and internationally active ransomware group.

Although Real Sociedad initially claimed that the scope was limited, the investigation revealed that data belonging to employees, players, coaching staff, event attendees, and participants in sports activities was also compromised.

A wake-up call for Mexico

The AEPD determined that the club violated the principle of data integrity and confidentiality, and highlighted that the breach remained active for more than three weeks. In Mexico, such an incident could affect thousands of people and seriously damage the reputation of the institutions involved.

This case shows the urgency of adopting measures such as data encryption, regular security audits, and incident response plans. It also reinforces the need for strict regulation that requires organizations to demonstrate that their systems comply with cybersecurity standards.

At Cyberpeace, we believe that every incident is an opportunity to learn and strengthen digital security. Prevention, data encryption, and ongoing training are essential to protecting your information. Want to stay up to date on cyberattacks, fraud, and new online threats? Follow us on social media and strengthen your cybersecurity.

• LinkedIn 

• Facebook 

• Instagram 

• X 

• YouTube