Spanish police announced they are investigating whether the private information of millions of vehicle drivers is being offered for sale online following an attempted data breach detected by the country’s traffic authority earlier this month.
Two weeks ago, the Directorate-General of Traffic (DGT) identified suspicious activity from users attempting to access its database, a spokesperson informed Reuters. In response, the DGT blocked the suspicious access and alerted the Traffic Investigation and Analysis Group (GIAT), prompting the Guardia Civil police force to launch an investigation.
The DGT’s database holds information on more than 27 million drivers registered in Spain, including licence plate numbers and insurance details.
An anonymous post on the hacking crime forum BreachForums claimed that the user had “access to look up any licence plate or document number” and was offering to sell the entire DGT database. “We’ll have to see if there’s any truth to what is being said. In data-selling forums, they often claim to be selling things they don’t actually have,” the DGT spokesperson cautioned.
This incident is part of a wider trend of increasing cyberattacks in Spain. Over the past month, three of the country’s largest companies — telecom giant Telefonica, lender Santander, and energy company Iberdrola — reported cyberattacks resulting in breaches of employee and customer data.
According to a report by the Department of National Security, the total number of cyberattacks registered last year nearly doubled from 2022, reaching over 100,000 incidents, with 130 classified as “critical”.
