Massive hole in the DGT: data of 34 million drivers put up for sale

The Dirección General de Tráfico (DGT) is facing a serious data breach. Cybercriminals have put up for sale the personal information and vehicle details of over 34 million drivers in Spain. The compromised data includes license plate numbers, full names, IDs, addresses, and vehicle insurance details. This information has been offered on a specialized forum for buying and selling stolen data since May 13.

The magnitude of this breach is alarming not only because of the sheer volume of stolen data, but also due to its level of detail and extent. Cybercriminals are allowing the purchase of the entire database or specific searches on individuals, making it easier to commit identity fraud and other scams.

Cybersecurity experts estimate that this data could be sold for millions of euros, given its sensitivity and the vast amount of exposed information. The combination of ID, license plate, and address is enough for cybercriminals to create fake profiles, apply for loans in the victims’ names, or carry out other fraudulent activities.

So far, the DGT has not issued an official statement regarding the incident. However, sources close to the investigation suggest that the data was likely extracted in a recent cyberattack. Clues point towards a national actor being responsible for the breach, similar to the recent security incidents experienced by entities such as Banco Santander, Iberdrola, and Telefónica.

The closest precedent to this type of attack occurred back in March when the National Police arrested a 23-year-old from Murcia for stealing 40 million license plates using, among other methods, his mother’s ID to access the DGT systems. Although in that case, the cybercriminal did not end up commercializing the stolen information, the severity of the incident highlighted the vulnerabilities in the DGT’s security systems.

It is unclear whether the information recently put up for sale is a copy of the previously stolen data or a new security breach. Cybersecurity experts agree that the real issue lies in the systemic vulnerabilities of the DGT. The increasing activity of cybercriminals in Spain, seeking to infiltrate governmental and corporate systems to steal and sell information quickly, worsens the situation.

The frequency and scale of these data breaches underscore the urgent need to improve cybersecurity measures and protect citizens’ personal information. Meanwhile, the drivers affected by this massive breach will need to watch out for potential fraud attempts and take steps to safeguard their identity and personal data.

With this latest data breach, it is evident that information security in public institutions requires a thorough review and the implementation of new strategies to prevent future incidents. Protecting personal data must be a priority to ensure citizens’ trust and safety.

Source: El Confidencial

Scroll to Top