The Cabildo de Tenerife faces the judicial investigation into four cases of fraud, through the method of phishingfor an amount greater than 818,000 euros committed between 2020 and 2022 in four dependent bodies: Titsa, Metropolitano de Tenerife, Balten and the Institute of Social and Health Care (IASS).
The data have been exposed before the plenary session of the corporation by the insular president, Pedro Martín (PSOE), at the request of the Popular Group, who has admitted that it is a “serious” matter and that, although “a lot” is being prepared in the corporation , with a lot of training for public employees, are not “immune” to this type of attack that occurs in institutions and private companies around the world.
Martín has detailed that the highest scam is that of the IASS with 300,071 euros (through laundry services) followed by Balten (226,100), Titsa (194,634) and Metropolitano de Tenerife (97,526).
He has said that the techniques “are becoming more sophisticated” and in this case, an “appearance of normality” was used, using bank logos and impersonating the identity of providers to, based on the request for an account change, request payment of bills.
As a result of these episodes, Martín has said that the Cabildo has intensified training in cybersecurity and has also deployed, hand in hand with the CNI, a comprehensive plan to which five other municipalities have already joined.
The president of Tenerife has regretted that it is “quite easy” to obtain public data from the institutions thanks to the transparency portals and the public sector contract platform, for which reason he has asked state agencies to strengthen security models so that these attacks suffered by the Cabildo are not “isolated” as something typical of a local corporation.
He has also said that all cases are reported to the National Police or the court and information files have been opened, while he has denied “different favorable treatment” between companies, especially in the case of Metropolitano, where no file was opened to the former manager, Andrés Muñoz (who took a year to report the scam) since he had already announced his departure from the company. Muñoz is the director of Cuna del Alma in the Puertito de Adeje, the tourism project with two precautionary stoppage orders for posing an imminent danger to the protected fauna and flora in the area, and for having destroyed an archaeological site.
“If I were there today, I would have an open file,” he indicated, although he said that an expert test and an external report were commissioned to clarify the facts.
The spokesman for the Nationalist Group, Carlos Alonso, has had an impact, in a brief speech, on improving “prevention” and putting efforts on suspected criminals and not on the responsibility of the Cabildo workers.
A protocol that was not activated
The non-assigned director, María José Belda, has shown her “doubts” about the scams and has charged against the “difference in treatment” between companies since no action was taken against Muñoz and in Balten a disciplinary file has been opened against a worker.
Belda believes that the responsibility, in any case, falls to the managers and senior workers of the companies and does not understand that an action protocol has not been activated in all public companies and the corporation itself once the first case was known.
The spokesman for Cs and vice president of the Cabildo, Enrique Arriaga, has pointed out that large technological multinationals also suffer attacks from phishing and he has agreed with Martín on how “simple” it is to access the Cabildo data, for which he has insisted on being “alert” and improving all procedures.
He has recognized that it is an “unpleasant situation” and in the specific case of Titsa, they are also studying whether the bank has some type of responsibility when authorizing payments.
Carballo, spokesman for Sí Podemos, has also regretted that no action has been taken against the former Metropolitan manager for taking a year to report the scam and, like Belda, he has also criticized the opening of files for intermediate positions and not putting magnifying glass on managers.
The spokesperson for Grupo Popular, Zaida González, has criticized the “inactivity” of the Cabildo and the lack of communication within the institution, since “the logical thing” was to bring together all the managers of the companies and take “more forceful measures.”
Javier Rodríguez, spokesman for the PSOE, has recognized the “total and absolute seriousness” of the events but also the “diligence” of the corporation in denouncing the cases, at the same time that he has assessed that despite the fact that the Cabildo suffers an average of 100,000 cyberattacks a week there have only been scams in four of the 69 public entities.
