/cloudfront-eu-central-1.images.arcpublishing.com/prisa/KLSYQ32RGZFXLNNDYPWLUR2EWE)
Two 'mosos d'esquadra', in a file image. CARLES RIBAS
The hacker who managed to enter at least two corporate accounts of the Mossos d'Esquadra and disseminated personal information of 148 agents also accessed data from TV-3.
The investigated person entered a public FTP of the Catalan Audiovisual Media Corporation, where files of promotions and previews of some of his programs are shared, and shared the keys through social networks.
“There has been no [computer] attack against the CCMA,” explains the public body, which limits the incident to the violation of “some users and passwords,” which changed as soon as they were alerted by the regional police.
On January 15, the Mossos leadership activated the Risk Assessment and Protection Commission after learning that one of its corporate mailboxes, which are manipulated by various people, had been compromised.
The agents' main hypothesis is that, due to a weak password, a hacker accessed and obtained sensitive data from around seventy
police officers
, including their telephone number and professional number, in addition to their full name.
The next day, they detected that there was a second dissemination of personal data, affecting a total of 148 police officers.
The pirate assures through social networks that he has the affiliations of some 300 agents, without the Catalan police being aware that there are new victims.
Since then, the hacker has been posting previews of supposedly stolen material in different actions.
In addition to the personal data of police officers, he has also disseminated information on at least four citizens, which appear in police documents: an investigation of a robbery with violence, an arrest by a European order and a prison transfer.
Likewise, the pirate has stated that he is preparing a leak of “data of citizens of Barcelona”, and has provided examples, which include addresses and bank details, which he offers in exchange for money or cryptocurrencies, but does not indicate where it was from. information stolen.
He has also released allegedly stolen salary slips from several people.
The Catalan police have opened an investigation, already prosecuted, to arrest the author or authors of the theft and leak of data.
“For now, we have not detected that he has sold data, he offers it for free,” police sources say, regarding the hacker's actions.
On his social networks, the pirate also boasts of other incursions through vulnerable passwords, which affect the Ministry of Security of Buenos Aires or that of Tucumán, in Argentina, among others.
The Mossos d'Esquadra headquarters has offered the affected police officers forms of self-protection in the face of the leak, including the possibility of changing their Personal Identification Card (TIP) number.
Likewise, since the moment of the attack they blocked 3,000 non-nominal accounts, like the two affected, and changed the password.
All units involved in the investigation have participated in briefings on the possible impact of the incursion, and have provided safety advice.
They have also notified the Data Protection Agency of the leak, and have coordinated with the Catalan Cybersecurity Agency.
“Since the first leak, they met us urgently,” explains the spokesperson for the SAP-UGT union, Imma Viudes, who recognizes the speed of reaction of the Catalan police headquarters, which had once contacted directly with those affected, He called all the unions.
“Now what happened is still being investigated.
Once we know exactly, we will assess if something has failed,” adds Viudes, who points out some elements that could be reconsidered, such as whether it is necessary for work schedules like the ones that were leaked to include certain personal data.
“All of this should be studied,” she says.
The Catalan police suffered the largest leak of police personal data almost eight years ago, when hackers accessed the servers of one of the police unions, SME, disseminated the identity of more than 5,400
police officers
, and impersonated the union's identity on Twitter .
Then, under the pseudonym of a popular and idolized hacker, Phineas Fisher, the action was claimed as a form of protest against cases of police malpractice.
After a long judicial process, the Barcelona Court provisionally closed the case in November of last year against the two main investigators due to lack of evidence.
You can follow EL PAÍS Catalunya on
and
X
, or sign up here to receive
our weekly newsletter
Subscribe to continue reading
Read without limits
Keep reading
I am already a subscriber
_