Diario Sur - Diario de Málaga. Noticias de Malaga

Sections

Services

Highlight

Delete
Massive database breach at Spain's DGT with 34 million records of drivers and their vehicles being stolen
Crime

Massive database breach at Spain's DGT with 34 million records of drivers and their vehicles being stolen

The hackers, who managed to break into Directorate-General for Traffic systems, apparently gained access to identity and address information along with vehicle and insurance details

Melchor Sáiz-Pardo

Friday, 31 May 2024, 18:57

Spain's Ministry of the Interior is facing what could be the biggest data breach in its history. A massive cyberattack on the main database of the country's Directorate-General for Traffic (DGT) has managed to steal the data of 34.4 million drivers and their vehicles. This information, which was obtained during a computer attack in the first fortnight of May, has already been put on sale on different sites on the deep web, according to reports this Friday from different specialised forums.

The information that the hackers have been offering to the highest bidder since at least 13 May would include, according to the samples offered to potential buyers in the form of screenshots, details of drivers in Spain with valid driving licences, such as name, ID number, address and information on vehicles related to that person, such as number plates, type, make and model, as well as details of active insurance. In short, a large part of the information that the DGT holds in its databases.

"We have access to consult any number plate or document of the drivers. We also sell the entire database with 34,418,270 rows," said 'PeTu', one of the alleged hackers on Breachforums, a well-known portal where cybercriminals operate and which the American FBI has tried unsuccessfully to shut down on several occasions. The alleged thieves, who claim that all kinds of searches can be performed on the stolen database, are not asking for a specific amount for these files, although experts estimate that they could be worth several hundred thousand euros.

The Traffic Investigation and Analysis Group (GIAT) of the Guardia Civil took over the investigation a few days ago, shortly after the data was offered for sale on the internet. The DGT, for its part, has identified several suspicious users who tried to enter the database to gather information on those dates. All of them were cut off and their identities were reported to the Guardia Civil. The DGT, for the moment, has not officially confirmed the theft or the scale of the theft.

Although the exfiltrated information does not include data such as passwords, personal codes or account numbers, this type of affiliate information is very useful for criminals, because they are often used in phishing attacks against customers of other companies, impersonating them to try to obtain keys and passwords.

Black month in cybersecurity

The massive theft of data from the Directorate General for Traffic comes in a particularly dark month for cybersecurity in Spain. Last Wednesday it became known that another cyberattack had stolen the data of 850,000 Iberdrola customers (600,000 from Iberdrola Clientes, its free market subsidiary, and another 250,000 from Curenergía, its regulated market supplier). The hackers managed to break into one of the files where customer data is collected between 5 and 7 May, exploiting an error in the security systems of an external supplier of the electricity giant. In different Telegram forums and on other hacker platforms on the dark web, the stolen information was immediately put up for sale. The thieves claimed to have stolen 1.5 gigabytes of information.

Shortly beforehand, Telefónica had acknowledged the potential theft and leakage of data on around 120,000 users and company employees. The alleged 'hacking' became known through various hacker forums, where the alleged thieves have offered a company database with more than 2.6 million records.

Three weeks ago, Banco del Santander reported to the National Securities Market Commission (CNMV) that it had suffered "unauthorised access to a database" containing information on its customers in Spain, Chile and Uruguay. The file that was breached also contained data on "all employees and some former employees of the group", with the exception of Germany. In other words, information on some 200,000 workers and former workers.

Publicidad

Top 50
  1. 1 Costa del Sol town will be 'one of the most spectacular areas in southern Europe', according to mayor
  2. 2 Junta gives green light to Costa del Sol road widening project
  3. 3 Violent death in Malaga village: 'my brother died to save my life'
  4. 4 65-year-old suffers heart attack while playing walking football on Costa del Sol
  5. 5 Spain's Carlos Alcaraz out of Australian Open after being outclassed by veteran Novak Djokovic
  6. 6 Police appeal for public's help to find missing 13-year-old Gibraltar girl
  7. 7 Water supply in Malaga town to be cut from Monday night to 'improve municipal network'
  8. 8 Torremolinos closed December with record drop in number of unemployed
  9. 9 Demolition complete of building on land earmarked for new cultural centre in Benalmádena
  10. 10 Benalmáderna to install sun shades in open spaces to protect school pupils from 'intense summer heat'

Publicidad

Publicidad

Publicidad

Esta funcionalidad es exclusiva para suscriptores.

Comentar es una ventaja exclusiva para registrados

¿Ya eres registrado?

Inicia sesión
Espacios grises

Reporta un error en esta noticia

* Campos obligatorios

Política de privacidad

surinenglish Massive database breach at Spain's DGT with 34 million records of drivers and their vehicles being stolen