Personal data and confidential medical information of national police officers and civil guards has been compromised by hackers. The company Medios de Prevención Externos Sur S. L. (MPE), responsible for conducting periodic health check-ups for security forces agents, notified them that their computer system was attacked by a ransomware virus called Lockbit 3.0 on March 22nd. This type of malicious software is used by hackers to encrypt information in private companies and public organizations, making it inaccessible and then demanding a high ransom for its release. The same virus affected the City of Seville last September, causing the suspension of all their online services. Information accessed by the hackers includes each agent’s professional identification number, gender, mobile phone number, email, and medical examination results, but not their names. The Guardia Civil has warned agents to be vigilant against suspicious emails, messages, or calls that may impersonate the company.
The leak of information came to light after MPE informed agents via email that they had filed a report with the Guardia Civil regarding the cyberattack. They are working with Telefónica to resolve and investigate the incident. The email also acknowledged that the hackers may have accessed confidential data of Guardia Civil personnel, members of the Armed Forces, and civilian personnel assigned to the Guardia Civil. While they confirmed that no evidence of data leakage exists, MPE assured that they had taken corrective measures to prevent future breaches. The company mentioned that they have backups of all information on their computers and can continue providing medical check-up services to all affected personnel. The email, signed by the company’s general manager, provided a contact email address for any clarifications or concerns.
The Guardia Civil’s General Directorate also sent an internal notification to its agents, clarifying that the cyberattack affected MPE’s systems, but not those of the Guardia Civil. They assured that Guardia Civil information was not compromised in the attack, and there is no evidence of data leakage so far. Despite not having agents’ names or personal identification numbers, the Guardia Civil advised its agents to be cautious of suspicious emails, messages, or calls pretending to be from MPE. Justice Policial (Jupol) and Justice para la Guardia Civil (Jucil) have demanded explanations from the Ministry of Interior regarding the incident and called for increased cybersecurity measures for companies handling confidential information of security agents.
The breach highlights the vulnerability of personal data and the importance of robust cybersecurity measures in managing sensitive information. The fallout from such incidents can have far-reaching consequences for individuals and organizations. It underlines the need for continuous monitoring, updating security protocols, and educating employees about potential cyber threats. The cooperation between MPE, Telefónica, and the Guardia Civil demonstrates the importance of joint efforts to address cybersecurity challenges and protect data integrity. The incident serves as a wake-up call for all organizations handling confidential information to prioritize cybersecurity and data protection measures to prevent future breaches.
The immediate response from MPE to the cyberattack, including filing a report with the Guardia Civil and implementing corrective actions, reflects their commitment to addressing the situation promptly and transparently. The provision of backup information and the assurance of continued service delivery show a proactive approach in mitigating the impact of the breach on affected personnel. The Guardia Civil’s communication to its agents, reassuring them of their data’s security and advising caution against potential phishing attempts, underscores the importance of communication and transparency in handling data breaches. Overall, the incident emphasizes the need for vigilance, collaboration, and preparedness in the face of evolving cybersecurity threats.