The Mossos d'Esquadra police have been victims of a cyberattack carried out by hackers who were able to enter one of the servers of the Catalan police force and obtain critical personal data. Specifically, the IT criminals obtained a document which named the people who were on duty on the night of February 1st, 2024 at the Roca del Vallès penitentiary centre. Among the data obtained, which affects several categories of staff, there are the names and codes of officers and leaders, their identification numbers and their telephone numbers. The stolen data was published on a Telegram channel which is not widely known to the public, but of great importance for hackers.
As soon as the Catalan police learned of the leak, the Mossos' risk and protection assessment plan was activated, chaired by the commissioner in charge, among other command groups that form part of the police body. The situation was communicated to the affected officers and to the Data Protection Agency, the corporate email address which they accessed was blocked, and a criminal investigation was opened to clarify what happened, at the same time as the judicial authorities were informed. At present, investigators are working to discover how the cybercriminals accessed the server of one of the computers in the penitentiary area, from which they obtained the information. Another key element is to find out what other information they obtained access to: since for the moment the details of the February 1st duty roster is the only data published, it is suspected that they may have obtained more information that they not yet brought to light. The motivation that the cybercriminals had is a further key issue that the investigators are working to resolve. At the moment, it is unknown whether their intention is to demand monetary ransom to avoid more information being made public.
Police union was hacked once in the past
The current cyberattack is not the first experienced by the Catalan police force. In 2016, the trade union of the Mossos d'Esquadra police (SME, in its Catalan acronym) was hacked and, for eight hours, through its social media, messages were published and the personal data of officers affiliated to the union was disseminated, with nearly 5,500 people directly affected. Their full names, police numbers, ID, bank details, telephone numbers and even, in some cases, their home addresses were made public. A few days later, a hacker, Phineas Fischer, claimed responsibility for the attack and uploaded a video explaining how he had accessed the website of the Mossos d'Esquadra union. Subsequently, the Catalan police's investigation into the attack pointed to two possible suspects, after Mossos d'Esquadra union's site had been accessed from their proxy. Both were arrested.