Spanish labor agency suffers ransomware attack, union says

Security experts at the Spanish government’s National Cryptologic Center were responding to the incident.
Madrid, Spain's capital. A ransomware attack has hit a state employment benefits agency (Getty Images).

A ransomware attack has affected IT systems at a Spanish government agency that manages unemployment benefits, disrupting “hundreds of thousands” of appointments at the agency, a Spanish labor union said Tuesday.

The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments, according to the Central Independent Trade Union and Civil Servants. The union alleged that the SEPE had aging IT systems that the agency had not upgraded.

SEPE plays an integral part in distributing unemployment benefits in a country where the coronavirus pandemic has hammered the economy. The number of jobless people in Spain is now 4 million, its highest rate in five years, according to official data. But SEPE Director Gerardo Gutiérrez said an interview with Spanish broadcaster RNE that the incident had not affected unemployment benefits, and that it has not led to the theft of personal data.

The attackers had not demanded a ransom, and SEPE was helping people reschedule their appointments with the agency, Gutiérrez said.


SEPE could not be reached for comment. A message on the agency’s website Tuesday said that “for reasons beyond SEPE’s control,” web services were down.

It was not immediately clear on Tuesday who was responsible for the ransomware attack, or how long SEPE would be dealing with it. Security experts at the Spanish government’s National Cryptologic Center were responding to the incident, according to Gutiérrez. The cryptological center’s incident response team did not respond to a request for comment.

The SEPE hack appears to be part of a long pattern of scammers trying to exploit Spaniards as they confront the economic impact of the pandemic. A year ago, when the country was locked down because of the virus, criminal hackers used mobile apps purporting to offer COVID-19 updates to try to steal data from Spaniards. Weeks later, researchers said crooks were using a hacking tool to try to steal money from customers of big Spanish banks

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts