Back

Massive Doxing Incident Exposes Spanish Judges and Prosecutors' Personal Data

Severity: High (Score: 70.0)

Sources: digitalperito.es, policia.es

Published: 2026-06-01 · Updated: 2026-06-02

Keywords: jueces, fiscales, doxbin, hackeo, espana, spain, national

Summary

On March 3, 2026, personal data of hundreds of Spanish judges and prosecutors was published on Doxbin, a notorious doxing platform. The exposed data includes names, personal ID numbers, mobile phone numbers, and professional emails. The incident is under investigation by the National Cryptological Center (CCN-CERT) and the National Police, who are examining whether the data was obtained through a direct hack of the General Council of the Judiciary (CGPJ). The breach is considered one of the most severe attacks against Spain's judicial structure, raising concerns about potential reprisals against the affected individuals. The investigation is ongoing, and a suspect was arrested on May 27, 2026, for revealing sensitive information related to various state institutions. This incident highlights the growing trend of doxing campaigns targeting public officials, posing significant risks to their safety and the integrity of state institutions. Key Points: • Hundreds of judges and prosecutors in Spain had their personal data exposed on Doxbin. • The National Police arrested a suspect linked to the mass publication of sensitive information. • The incident raises serious concerns about the safety of public officials and the potential for reprisals.

Detailed Analysis

**Impact** Hundreds of Spanish judges, prosecutors, and members of sensitive state institutions had their personal data exposed, including names, DNI numbers, personal mobile phones, and professional emails. The data leak affects judicial officials involved in cases against organized crime, terrorism, and narcotrafficking, increasing risks of intimidation and retaliation. The incident also impacted personnel from INCIBE, Policía Nacional, Guardia Civil, Consejo de Seguridad Nacional, Ministerio de Hacienda, and Agencia Tributaria. Spain ranked third globally in cyber incidents in early March 2026, with 14 reported events, reflecting a broader institutional vulnerability. **Technical Details** The data was published on Doxbin, a publicly accessible doxing platform, on March 3, 2026, under the label "Fuck Spain." The source of the data remains unconfirmed, with investigations ongoing to determine if it resulted from a direct hack of the Consejo General del Poder Judicial (CGPJ) databases or internal leaks. Authorities arrested a suspect on May 27, 2026, in Granada for unauthorized disclosure of secrets, with seized digital evidence under analysis. No specific malware, CVEs, or attack tools have been disclosed. The attack corresponds to the data exfiltration and dissemination stages of the kill chain. **Recommended Response** Prioritize monitoring for unauthorized access attempts to judicial and state institution databases, especially CGPJ systems. Implement strict access controls and audit logs for sensitive data repositories. Enhance detection rules for mass data exfiltration and unusual data publication activities on public platforms. Continue collaboration with law enforcement to analyze seized materials for IOCs and potential network indicators. No specific patches or CVEs have been identified for immediate remediation.

Source articles (2)

  • Spain's National Police says — policia.es · 2026-06-01
    La difusión masiva de información sensible puso en alerta a las autoridades por el grave riesgo para la Seguridad Nacional El arrestado publicaba datos de Fiscalía General del Estado, INCIBE, Policía…
  • Hackeo Jueces Fiscales Doxbin Cni Espana 2026 — digitalperito.es · 2026-06-01
    Nombres, DNI, teléfonos móviles personales y correos electrónicos de centenares de jueces y fiscales españoles han aparecido publicados en Doxbin , una de las plataformas de doxing más peligrosas de i…

Timeline

  • 2026-03-03 — Personal data published on Doxbin: Data of hundreds of judges and prosecutors appeared on Doxbin, including sensitive personal information.
  • 2026-03-07 — Investigation revealed by Estrella Digital: Estrella Digital reported that the exposure of data is under investigation for possible hacking and subsequent dissemination.
  • 2026-03-12 — CNI confirms investigation: The CCN-CERT confirmed their active investigation into how the data reached Doxbin, focusing on potential unauthorized access to CGPJ databases.
  • 2026-05-27 — Suspect arrested for doxing: A suspect was arrested in Granada for publishing sensitive data related to various state institutions, including judges and prosecutors.

Related entities

  • Data Breach (Attack Type)
  • Agencia Tributaria (Company)
  • Consejo De Seguridad Nacional (Company)
  • Consejo General Del Poder Judicial (Company)
  • Fiscalía General Del Estado (Company)
  • Guardia Civil (Company)
  • Incibe (Company)
  • Ministerio De Hacienda (Company)
  • Ministerio Fiscal (Company)
  • Policía Nacional (Company)
  • España (Country)
  • Estados Unidos (Country)
  • India (Country)
  • Spain (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • T1567 - Exfiltration Over Web Service (Mitre Attack)
  • Doxbin (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed