Hacking of the Tax Agency: 560 GB of stolen data and a multimillion-dollar ransom

Last update: 02/12/2024
  • Hacker group Trinity claims to have stolen 560 GB of confidential data from the Spanish Tax Agency.
  • They are demanding a ransom of $38 million before December 31, 2024 to prevent the stolen data from being made public.
  • The Tax Agency denies having detected any breach in its systems, although cybersecurity experts consider the threat credible.
  • This cyberattack is part of a growing wave of ransomware attacks, which have reached record numbers in recent years in Spain.

Hacking the Tax Agency

The Spanish Tax Agency is at the centre of a serious cybersecurity incident. The hacker group known as Trinity claims to have stolen 560 gigabytes of confidential data from the institution and threatens to publish it if a ransom of 38 million dollars is not paid before December 31. While the authorities deny that this attack took place, the pressure on the government's security systems is at its maximum.

The Trinity attack reportedly follows a double extortion pattern involving the theft and subsequent encryption of sensitive data. This modus operandi is increasingly common in cyberattacks targeting government institutions and strategic companies around the world, and Spain is no exception. The information allegedly stolen includes sensitive taxpayer data, such as tax returns, financial transactions and internal correspondence.

Details of the attack and the ransom demanded

The Trinity group, which has gained notoriety in recent months for similar attacks on hospitals and government entities in the United States and the United Kingdom, claims to have used sophisticated methods to infiltrate the systems of the Tax Agency. The hackers are demanding the ransom in dollars, although the approximate amount in euros is 36 million.

The threat was posted on dark web forums, where Trinity has set a December 31 deadline for payment. According to experts, such attacks usually begin with entry vectors such as fraudulent emails (phishing) or unpatched vulnerabilities in systems.

What does the Tax Agency say?

The Tax Agency has categorically denied having been the victim of a cyber attack, assuring that all its systems are functioning completely normally. “All services have been reviewed and no evidence of encrypted equipment or data leakage has been detected,” said an official spokesperson, who also confirmed that they are keeping their systems under surveillance to detect any suspicious activity.

However, several cybersecurity experts have expressed doubts about these claims. They suggest that a breach could have occurred on secondary servers or backups, allowing the agency to continue operating without visible interruptions while data would already have been compromised.

The potential impact on taxpayers

If Trinity's claims are true, the consequences would be devastating for both the Tax Agency and citizens. Personal and financial information of thousands of taxpayers could be exposed or sold on illegal markets, increasing the risk of fraud, identity theft and extortion.

This incident is reminiscent of the historic Equifax hack in 2017, in which the data of 150 million people was compromised. According to analysts, a similar attack on the Tax Agency could expose critical information, from income and property to bank accounts and assets.

Ransomware in Spain: An upward trend

Cyberattacks in Spain have grown alarmingly in recent years. According to the National Institute of Cybersecurity (Incibe), more than 83,000 cybersecurity incidents were recorded in the country in 2023 alone, an increase of 24% compared to the previous year. Among the affected entities are Ibex-35 companies, public bodies and strategic companies.

Ransomware, such as that used by Trinity, is one of the most common tools in these attacks. This type of malware not only encrypts data, but also threatens to release it if a ransom is not paid. According to a report by the U.S. Department of Health, Trinity is especially dangerous due to the absence of public tools to decrypt its locked files.

How to protect yourself from these threats

While authorities are investigating the case, citizens and businesses can take preventive measures to mitigate potential risks. These include:

  • Review bank transactions regularly.
  • Change passwords for services related to the Tax Agency.
  • Stay informed through official channels.
  • Report any suspicious activity to the authorities.

Although the Tax Agency has assured that no breach has occurred, this case underlines the importance of strengthening cybersecurity systems in the public and private sectors. With December 31 as the deadline, attention will be focused on the outcome of this threat, which could become one of the largest cyberattacks suffered in Spain.