Spanish authorities have detected Pegasus spyware in the mobile phones of Prime Minister Pedro Sanchez and Defence Minister Margarita Robles, the government minister for the presidency, Felix Bolanos, said on Monday.
Bolanos told a news conference Sanchez’s phone was infected in May 2021 and at least one data leak occurred then. He would not say who could have been spying on the premier and whether any foreign powers or Spanish groups were suspected of being behind it.
“The interventions were illicit and external. External means carried out by non-official bodies and without state authorisation,” he said, adding that the infections had been reported to the justice ministry, and the High Court would be in charge of the case.
Prime Minister Sánchez’s mobile phone was breached twice in May 2021, and Defense Minister Margarita Robles’ device was targeted once the following month, Bolaños clarified. He said the breaches resulted in a significant amount of data being obtained, and that reports detailing the breaches have been transferred to Spain’s National Court for further investigation.
“We have no doubt that this is an illicit, unauthorised intervention,” Bolaños said. “It comes from outside state organisms and it didn’t have judicial authorisation.”
Spain’s government is under pressure to explain why the cellphones of dozens of people connected to the separatist movement in the northeastern Catalonia region were infected with Pegasus between 2017 and 2020, according to cybersecurity experts’ group Citizen Lab.
The announcement followed intense pressure on the leftist coalition government to explain itself after Canada’s digital rights group Citizen Lab said more than 60 people linked to the Catalan separatist movement had been targets of Pegasus spyware made by Israel’s NSO Group.
After the allegations of spying on members of the Catalan separatist movement, the minority government’s key ally in parliament, Catalonia’s leftist pro-independence party ERC, said it would not support the government until Madrid takes measures to restore confidence.
The European Union’s data protection watchdog has called for a ban on Pegasus over allegations it has been abused by client governments to spy on rights activists, journalists and politicians.