The Madrid transport consortium warned in February of a cyber attack in November that compromised travelers' data

A woman passes her ticket at the turnstile at the Plaza de España station of the Madrid metro, in July 2020.Eduardo Parra (EUROPA PRESS)

The Regional Transport Consortium (CRTM) of Madrid has warned this February of a cyber attack that occurred in the early hours of November 22 and that compromised the data of travelers holding transport cards.

Between January and September 2023, 57,299 crimes of this nature were recorded in the region, which is 19% more than those recorded in the same period last year, according to data from the Community of Madrid.

At the time of publication of this article, neither this entity, nor the Transport Department of the regional Government, had clarified the reason that led to postponing public communication of the incident that affects the consortium for three months.

More information

Teleworking increases the risk of suffering a cyber attack in Spain

“The databases containing information on public transport card holders have been compromised,” the entity acknowledges in a statement published on February 14 on its website.

“The person in charge of processing personal data communicates that this is a cybersecurity incident, confirming a cyberattack of external origin, intentional and malicious, which has affected the confidentiality of personal data,” he continues.

“The exact content of the possible extraction carried out as a result of the attack has not been evident, although there is evidence of the extraction of information from databases of public transport card holders of the Community of Madrid with identifying data (name, surname , address, email, telephone, town and province, postal code, …) and sales of transportation tickets,” he adds.

Although the consortium assures that it is not aware of any problems as a result of the data leak, the risk is evident: from receiving unwanted communications to being the victim of a phishing attempt

or identity theft taking advantage of all the information collected during the attack.

The cyberattack suffered by this entity occurred just a month after Telemadrid's broadcast went down for three hours as a result of a similar action.

The incident also affected Onda Madrid, the regional public radio station.

In the heat of these incidents, the Government of Isabel Díaz Ayuso justified the need to promote last December an autonomous cybersecurity agency in charge of setting up a Cybersecurity Incident Response Team (

) for the entire Community of Madrid.

These experts, the Government detailed in a note, “will be in charge of receiving, reviewing and replicating all reports and activities on events that occur in the territory and collaborating with the attacked entities so that they can recover normal operations. and are prepared in the future to avoid new incidents.”

And he added: “This structure will also be focused on reinforcing the computer protection of the most relevant infrastructures, with special attention to the health area due to its criticality.”

Although the regional cybersecurity agency was approved by the regional Assembly at the end of the year, since the PP enjoys an absolute majority, it is not yet working at full capacity.

The reason?

The Government had to back down on the appointment of its CEO, when EL PAÍS revealed that a retired general of the Civil Guard, affected by the

For now, that position remains vacant.

Subscribe here