Cybersecurity scandal in the Spanish Tax Agency
21.1.2025
Question for written answer E-000250/2025
to the Commission
Rule 144
Nora Junco García (ECR), Diego Solier (ECR)
We are extremely concerned about the alarming cybersecurity situation in Spain, specifically in relation to the recent announcement of an alleged theft of data from the Spanish Tax Agency. According to numerous reports and cybersecurity companies, a group of hackers, using advanced technology called ‘Trinity’, claims to be in possession of more than 560 GB of sensitive information on Spanish taxpayers.
While the Spanish government has denied evidence of the attack, the country’s own cybersecurity experts are seriously investigating the threat. This incident, together with previous episodes such as the attack on the Spanish Directorate-General for Traffic, is evidence of an alarming lack of preventive measures and inadequate management in the protection of citizens’ sensitive data.
The seriousness of this case not only puts citizens’ privacy at risk, but also exposes systemic negligence in the Spanish public administration.
In light of the above, can the Commission answer the following:
- 1.Does the Commission consider that Member States’ state cybersecurity systems should be more strictly assessed by EU bodies to avoid cross-border risks?
- 2.What action does the Commission intend to take to ensure that personal data across the EU is protected against national negligence?
Submitted: 21.1.2025