Cybersecurity incident involving unauthorised access to ElParking customer data
The cybersecurity incident took place on 14 June 2026, when ElParking, a service within the Mutua Madrileña Group, detected unauthorised access to certain personal data belonging to its customers. According to information provided by the company, its security systems identified the intrusion on the same day and immediately activated response protocols to contain the incident. The incident affected the infrastructure supporting the ElParking app, which is used for managing car parks and other mobility services. From the outset, the company stated that its primary objective was to limit the scope of the unauthorised access and ensure the continuity of its services whilst the incident was being investigated.
As a result of the unauthorised access, certain basic identification and contact details of users were exposed, including their name, email address, telephone number, vehicle registration number and national identity number, where these had been provided by customers. The company stated that, following the checks carried out, passwords for accessing the app and payment details were not compromised. It also reported that the unauthorised access was contained and blocked immediately, that it had stepped up monitoring of its systems, and that it had reported the incident to the relevant authorities, including the Spanish Data Protection Agency, in accordance with current regulations. Furthermore, it advised customers to remain vigilant against any suspicious communications or attempts at fraud that might make use of the exposed information.
At the time of the latest official statements, the company stated that it was not aware of any misuse of the personal data concerned and that the app was continuing to operate as normal. MutuaMás and ElParking noted that the incident was being monitored through the strengthening of the surveillance and security measures put in place following its detection. The company kept its customer service channels open to address customers’ queries and reiterated its commitment to providing updates on any relevant developments relating to the incident.



