At Parques Reunidos Foundation we are committed to transparency and therefore, we share with you that we have been subjected to an unauthorized external access to our computer systems.
Upon learning of the incident, we immediately adopted technical and organizational measures to contain it and to prevent further unauthorized external access: appointment of forensic specialists and cybersecurity experts to investigate the incident and reinforce the security of our data, immediate shutdown of affected systems, immediate blocking of users with affected information systems, blocking of remote access connections (VPN), temporary isolation of the data center, blocking of passwords to access information systems for all users of the organization. Additionally, the following measures are also going to be taken: extraordinary awareness and training actions, implementation of conditional access for certain accounts to ensure only internal access, and planning actions to increase the number of sources reporting to the log event collector (SIEM) and the number of licenses with enhanced security measures.
We continue with forensic investigations into our systems and are committed to taking action to further boost our cybersecurity safeguards as appropriate.
We have notified the Spanish Data Protection Authority (AEPD) of this event and are fully cooperating with the authorities.
However, if you have any questions or concerns in this regard or detect any misuse of your personal data, phishing or spamming campaigns from Parques Reunidos or Parques Reunidos Foundation, please do not hesitate to contact Data Protection Officer of Parques Reunidos Foundation, Ms. Candela Ramirez Tinoco, at dataprotection@grpr.com.
We regret any difficulties this situation may have caused. Thank you very much for your understanding and collaboration. On behalf of Parques Reunidos Foundation, we appreciate your understanding and cooperation during this situation.
Kind regards,
Parques Reunidos Foundation