Cyber security researchers have noted a rise in identity theft. Industry insiders say it makes sense. Possessing someone’s credentials is like holding a key to their home. The burglar can insert that key, enter the house, and trigger no alarms. The same logic applies to the vast world of the Internet. If a cybercriminal gains the key, they can act without being noticed. This is what emerged with the attack on pet records managed by the Consell Valencià de Col·legis Veterinaris. The breach began on July 7 when credentials were stolen from a user, allowing unauthorized access without triggering security alerts. The intrusion continued until September 29, when the National Cryptology Center arrived and confirmed similar data thefts across Galicia and Cantabria.
CEO and founder of S2 Grupo, José Rosell, a recognized expert in cybersecurity and cyber intelligence, explains that the attack pattern affecting pet records is increasing rapidly. Once the attackers obtain the credentials and the alarms stay silent, they can gradually extract information. If the theft is done in bulk, it may raise suspicion, but the data can be stolen piece by piece, making detection harder. When access occurs through legitimate means, the situation becomes more complicated.
The expert notes that public administrations invest heavily in cybersecurity to defend their infrastructure, yet the exposure surface remains enormous. In a home, doors and windows are the critical points; online, those access points number in the thousands. Every mobile device, computer, or official tool can serve as a gateway. Access can occur through three main channels: people, technology, and processes. The most exploited vulnerability, Rosell emphasizes, is person-related.
A student at the University of Alicante reported a hack through the campus Wi-Fi network
Identity theft continues to rise. People often use weak passwords that can be cracked. Password-cracking tools exist, and if credentials are not strong, attackers can break in. People commonly reuse the same password across multiple sites. If criminals uncover a password, they test where else it works and may reuse or sell it. The market for selling credentials is substantial.
What are you, what do you know, and what do you have?
So what should be done in this situation? Rosell stresses that users should start with strong, unique passwords for every service. He recommends at least 15 characters combining uppercase letters, lowercase letters, and numbers. Second, reporting is vital. Victims of attacks should report them, and individuals who suspect an ongoing attempt should report it as well. Only a small fraction of cases are reported, and the full scope remains unknown. Traditional crime has stabilized, while cybercrime grows by roughly 30 percent each year. This is a serious issue, yet it often goes unrecognized. If the keys to a home are stolen, a person’s sense of safety can feel shattered. Yet many people keep the same password everywhere.
Security at the corporate and government level involves doubling or even tripling authentication systems. The goal is to verify that the user really is who they claim to be. Rosell describes the approach as a simple, clear concept. Access controls rely on three elements: what you are (biometrics such as fingerprints or facial recognition); what you know (passwords, usernames); what you have (a code sent to a phone). A secure system should require at least two of the three factors. Rather than lamenting authentication procedures, it is better to improve them and make it harder for criminals. Recognition of the problem and proactive strengthening of defenses are essential, the expert concludes.