leaksear.ch has indexed a Zurich Insurance Spain dataset containing 4,321,100 insurance policy records from a leaked MySQL dump, roughly 4.3 million records tied to Spanish policyholder data (leaksear.ch metadata). The dataset metadata lists June 29, 2021 as the breach date; in public reporting, Zurich said it informed affected customers on August 15, 2021 after a Spain incident (handelszeitung.ch).
What happened
Public reporting in October 2021 said Zurich confirmed a data leak in Spain after a hacker reported a security vulnerability and customer data was later published on the dark web. Handelszeitung reported criticism that Zurich had not communicated the issue, but Zurich told the publication it notified customers on August 15, 2021, met legal and regulatory requirements, and reported the incident to police and the Spanish data protection authority (handelszeitung.ch).
Zurich also told Handelszeitung that the incident did not originate in its own systems. Atlas Magazine separately reported that Zurich said an attacker accessed some customer data, that passwords and banking data were not accessed, and that the perpetrator announced a darknet disclosure on September 4, 2021 (atlas-mag.net).
The leaksear.ch metadata for the indexed dataset describes a leaked MySQL dump, specifically the ZURICH_POLIZAS table, with 4,321,100 insurance policy records and a breach date of June 29, 2021 (leaksear.ch metadata). Public reports do not establish whether this table is the complete set of affected records, and leaksear.ch does not attribute the intrusion beyond indexing the dataset.
What data was exposed
The searchable fields indexed for this leak are names, email addresses, phone numbers, physical addresses, and dates of birth (leaksear.ch metadata). The stored record schema also includes insurance policy details such as policy codes, status, start and end dates, cancellation dates, receipt fields, product and business codes, intermediary names and phone numbers, and policyholder indicators.
Additional stored fields include Spanish DNI/NIF document-code fields, first-driver identity and address fields, vehicle registration numbers, vehicle make, model, type, weight, seats, power, and first-registration dates (leaksear.ch metadata). The metadata also lists an Account number IBAN field; because a field list does not prove every record contains every value, responders should treat those fields as possible exposure indicators rather than assume uniform coverage across all 4.3 million records.
Why this matters
Insurance data can support credible phishing and social-engineering lures when names, dates of birth, phone numbers, addresses, policy details, intermediaries, and vehicle information align. DNI/NIF-related fields, vehicle registration fields, and any populated IBAN/account-number values raise identity-verification, fraud, and claims-pretexting risks. Security teams should monitor for Zurich-themed phishing, customer-support impersonation, and attempts to misuse Spanish identity or vehicle details.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, date of birth, email, name, and phone.