The CNMC suffers an attack and 2 billion mobile phone line owners’ data records are leaked
According to a note issued by the Audiencia Nacional, the CNMC (National Commission for Markets and Competition) has just suffered an attack on its servers, resulting in the leaking of data from more than two billion mobile phone line holder records in Spain. (There are currently around 60 million active mobile lines, so the remaining data presumably correspond to former subscribers and numbers that were still in the CNMC’s possession.)
Over 240GB of data have been stolen and, as the CNMC was the target, it is considered that national security has been compromised. As a result, the case now falls under the jurisdiction of the Audiencia Nacional and has been classified as a cyberattack offence.
For Judge María Tardón, it is too early to determine what purpose the perpetrator or perpetrators might have pursued with this action. However, she stated: “What is already clearly evident, even at this initial stage of the investigation, is that we are dealing with a massive cyberattack against an entity whose position within the State’s structure and essential role, as described, represents a serious and undeniable institutional breach. This is particularly significant in such a sensitive and critical area for normal operations, namely ensuring the proper functioning, transparency, and effective competition across all markets and productive sectors, to the benefit of consumers and users.”
I was personally unaware that the CNMC held personal data on mobile line owners (I had thought that only the mobile operators had this information), but if that is the case, it could be one of the largest data breaches of the year. The attackers’ motivation remains unknown.
