Wednesday, November 30

The National Court investigates the attack on the system with which the Judiciary requests information from the Treasury and the Police

The judge of the National High Court (AN) José Luis Calama investigates the cyberattack suffered last October by the Judicial Neutral Point, the communication system managed by the General Council of the Judiciary (CGPJ) that allows centralizing and transferring requests for information between the judicial bodies and the Tax Agency, the Police or the National Institute of Social Security.

As reported by the National Court itself, the head of the Central Court of Instruction Number 4 agreed on October 20 to initiate preliminary proceedings as a result of a complaint filed by the governing body of the judges in which the cyberattack was warned, that could have affected personal data of taxpayers deposited in the databases of the Tax Agency.

As a first measure, Judge Calama has decreed the secrecy of the proceedings for a period of one month while requesting a series of reports from the Tax Agency and the National Cryptologic Center on the scope of the reported events.

The same, explain from the National High Court, could constitute a crime against a high body of the nation and, without prejudice to further qualification, a crime of discovery and disclosure of secrets.

The Council itself reported this week on the attack, which would have been detected in the second half of October. “From that very moment, cybersecurity measures were adopted to contain and neutralize computer attacks of this type,” the CGPJ explained in a statement.

Parallel investigation

The governing body of the judges pointed out in it that the Judicial Neutral Point was “used by the attackers to access other public institutions” and stressed that in the attack “data related to judicial procedures or other information in power of the courts and tribunals.

From the Council they explained that, once the cyberattack was detected, the facts were brought to the attention of the Cybersecurity Operations Center of the General Administration of the State and its Public Bodies (COCS), as well as the National Cryptologic Center (CCN-CERT).

According to the CGPJ, after said notification -and in coordination with both centers- “the corresponding investigation and mitigating measures” were adopted. Likewise, the Council notified the Spanish Agency for Data Protection (AEPD) and the Directorate for Supervision and Control of Data Protection of the governing body of the judges.

Leave a Reply

Your email address will not be published. Required fields are marked *