Overview
- The Catalan Data Protection Authority confirmed the incident has been closed after the city implemented mitigation measures.
- Irregular activity was detected on December 26 on the Consell Social de l’Habitatge website, prompting immediate security protocols.
- The portal was deactivated on December 29 and services were restored on January 5 on a different server.
- About 6,800 people who registered between 2014 and 2018 had contact information exposed, mostly linked to requests to visit rental properties.
- Affected users received emailed guidance, personalized assistance options, and assurance their registrations remain active, while the city notified Catalan and national cyber-response bodies and reports no ransom demands or fraudulent use.