MADRID (Reuters) – Spanish police said on Friday there were investigating whether the private information of millions of vehicle drivers had been offered up for sale online after the traffic authority detected an attempted data breach earlier this month.
Two weeks ago, the Directorate-General of Traffic (DGT) detected suspicious activity from users trying to access its database, a spokesperson told Reuters.
The DGT blocked them and alerted the Traffic Investigation and Analysis Group (GIAT), which opened an investigation, the Guardia Civil police force said.
The DGT’s database contains detailed information – including licence plate numbers and insurance data – on more than 27 million drivers registered in Spain.
An anonymous user claimed in a post on the hacking crime forum BreachForums that they had “access to look up any licence plate or document number” and were selling the full DGT database.
“We’ll have to see if there’s any truth to what is being said. In data-selling forums, they often claim to be selling things they don’t actually have,” the DGT spokesperson said.
Over the past month, three of Spain’s largest companies – telecoms giant Telefonica, lender Santander and energy company Iberdrola – have reported suffering cyberattacks that led to breaches of employee and customer data. According to a report by the Department of National Security, the total number of cyberattacks registered last year nearly doubled from 2022 to over 100,000 incidents, 130 of which were classed as “critical”.
(Reporting by Emma Pinedo and David Latona, editing by Andrei Khalip and Gareth Jones)