The attacked company is working with Telefónica to investigate the identified problem, which affects officials from several national security forces and could have compromised the personal and medical data of thousands of agents.
A cyber attack directed at a company subcontracted by the Civil Guard and the Ministry of Defense could have compromised the personal data of thousands of agents of those forces, including their personal identification card number, mobile phone number or job title.
The medical examination company Medios de Prevención Externos Sur SL, based in Seville, has recently notified those affected by letter that a cyber attack suffered on March 22 could have compromised the data of personnel employed in the Civil Guard and National Police, as well as officials and personnel assigned to the General Directorate of the Civil Guard.
Specifically, the data that hackers could have accessed are: personal identification card (TIP) number, mobile phone number, date of birth, gender, job title, medical examination results and fitness certificate.
The attack used is of the ‘Ransomware Lockbit 3.0’ type, which, according to the Incibe portal, presents “more robust encryption methods, advanced data exfiltration tactics and a more refined ransomware as a service (RaaS) structure” than previous variations of this ransomware.
The letter sent by the Sevillian company, which has been accessed by several media outlets, states that “it is working together with Telefónica to try to reverse, solve and investigate the aforementioned events.” On the other hand, the affected officials have been asked to modify their password. The Civil Guard has redirected this communication to the entire body of agents through its internal communication system.
The scope of the cyber attack is under study
As indicated in the letter, signed by the company’s general director, “so far there is no evidence that a leak of said information has occurred and the following corrective actions have been adopted,” listing “technical and IT” measures to eradicate the cyber attack, “forensic analysis of the impact and scope”, and an “information restoration process”.
The infiltration has not prevented the company from continuing to provide its services, the company points out, since it has backup copies. A user of X has shared a document image. There is currently speculation as to whether the criminal group or individual has attempted to blackmail the company by threatening to make the data public unless money is paid, and it is unknown if a negotiation process may be underway.
“Released at the end of June 2022, LockBit 3.0 quickly established itself as one of the most damaging of its generation. Since its launch, it has directed its attacks at key infrastructures around the world, especially the US and Europe, including government entities,” states the website of Incibe, the National Cybersecurity Institute.
This news comes just a few days after a user claimed on a deep web portal to be in possession of data from millions of Spanish citizens, which the hacker was selling for $10,000.