Personal data and confidential medical information of national police and civil guards, in the hands of hackers. The company Medios de Prevention Externos Sur SL (MPE), in charge of carrying out periodic health examinations for Security Forces agents, has sent a communication to them informing them that on March 22 their computer system suffered a cyber attack with a type of virus ransomware Lockbit 3.0 that has affected the data you have on them. This type of malicious software is used by hackers to kidnap the information contained in the systems of private companies and public organizations through encryption that makes it inaccessible in order to subsequently request a high financial amount as a ransom for releasing it. It is the same virus that affected the Seville City Council last September and forced it to suspend all its telematic services.
Among the personal information that the hackers There is the professional identification number of each agent, their gender, their mobile phone number, their email address and the results of their medical check-ups, although not their name and surname. The General Directorate of the Civil Guard has asked agents to be “alert to suspicious emails or messages or calls that could impersonate the company.” EL PAÍS has tried without success to contact the company. Police Justice (Jupol) and Justice for the Civil Guard (Jucil) have asked this Tuesday for explanations from the Ministry of the Interior for what happened and demanded that companies that handle confidential information of agents be required to increase their cybersecurity measures.
The leak of information became known after it was the MPE itself who sent the agents an email, to which EL PAÍS has had access, in which it informed them that it had filed a complaint with the Civil Guard for the cyberattack and that “we are working together with Telefónica to try to reverse, solve and investigate the aforementioned events.” In the same message it was recognized that the authors “could have had access” to certain “confidential data of the personnel of the Civil Guard and the Armed Forces and civilian personnel assigned to the General Directorate of the Civil Guard.” Specifically, it details eight: professional identification card (TIP) number, mobile phone, email, date of birth, sex, job position, medical examination result and fitness certificate.
However, the company assured that “there is no evidence that a leak of said information has occurred” and that it has adopted up to four “corrective actions” to prevent it from happening again. MPE added that it has “backup copies” of all the information contained in its equipment and that, therefore, it could “continue providing the service to all personnel subject to medical examinations.” The letter, which is signed by the company's general director, made an email address available to those affected “for any clarification, doubt or query in this regard.”
The General Directorate of the Civil Guard has also sent an internal notification to its agents in which it emphasizes that the cyberattack has affected the company's systems, but not those of the armed institute. “The information of the Civil Guard has not been compromised in this attack,” he points out before adding that “so far there is no record or evidence of any information leak.” In its communication, the general management recalls that MPE does not have the names, surnames or ID of any agent, despite which it recommends that they be alert “to suspicious emails or messages or calls that could impersonate the MPE company.”
What affects the most is what happens closest. So you don't miss anything, subscribe.
Subscribe
Subscribe to continue reading
Read without limits
_
#cyber #attack #puts #medical #data #police #civil #guards #risk