Back

Spain Arrests Hacker for Doxing Sensitive Government Officials

Severity: Medium (Score: 56.9)

Sources: www.incibe.es, Bleepingcomputer, Surinenglish

Published: 2026-06-01 · Updated: 2026-06-02

Keywords: leaking, sensitive, data, arrested, state, national, spain

Severity indicators: sensitive data

Summary

The Spanish National Police arrested an individual for leaking sensitive personal data of government employees, including those from key organizations like INCIBE and the National Police. The leak posed significant national security risks due to the exposure of officials' information. The suspect was located in Granada, where police seized computers and electronic devices for forensic analysis. The investigation began after authorities detected a massive data leak that threatened the safety and integrity of affected individuals and institutions. The leaked data reportedly included outdated information and was aggregated from various sources, including older breaches and OSINT tools. The police are examining the seized devices for evidence of additional participants, indicating that further arrests may occur. This incident follows a previous doxing operation that targeted Spanish judges and prosecutors earlier in the year. Key Points: • A suspect was arrested for leaking sensitive data of government officials in Spain. • The data leak involved key organizations, including INCIBE and the National Police. • The investigation is ongoing, with potential for more arrests as forensic analysis continues.

Detailed Analysis

**Impact** Sensitive personal data of employees from multiple critical Spanish state institutions were leaked, including the National Cybersecurity Institute (INCIBE), State Attorney General's Office, National Police, Civil Guard, National Security Council, Ministry of Finance, and the tax agency. The leak affected hundreds of individuals, including judges and prosecutors, exposing full names, DNI numbers, personal mobile phone numbers, and professional emails. This exposure poses immediate risks to the security and integrity of both individuals and national institutions, with potential for extortion, targeted threats, or coordinated attacks. The incident is localized to Spain but impacts key national security sectors. **Technical Details** The attack involved doxing through aggregation and correlation of data from older breaches, credential dumps, and OSINT tools rather than direct system compromise. No malware or CVEs were reported as exploited. The threat actor, identified as ‘Police-ESP-Doxed,’ published the data on BreachForum and Doxbin platforms. Law enforcement seized computers and electronic devices during a raid in Granada for forensic analysis. The kill chain stage corresponds to data collection and public disclosure of sensitive information. **Recommended Response** Organizations should monitor for signs of data aggregation and unauthorized data publication on dark web and public forums. Enhance detection of OSINT-based reconnaissance and implement stricter access controls to limit exposure of personal data. Review and update data protection policies, especially for personnel information, and coordinate with national data protection authorities. Law enforcement and cybersecurity units should continue forensic analysis of seized devices to identify additional threat actors.

Source articles (3)

  • Hacker arrested in Granada after leaking personal data of state officials — Surinenglish · 2026-06-01
    Spain’s National Police have arrested a suspect accused of publishing the personal data of staff across some of the country’s most sensitive state institutions. The targeted organisations include INCI…
  • Spain arrests doxer leaking sensitive data of govt employees — Bleepingcomputer · 2026-06-01
    The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE).…
  • INCIBE posted in February — www.incibe.es · 2026-06-01
    INCIBE ha tenido conocimiento de publicaciones en plataformas de doxing que exponen datos personales atribuidos a antiguos y actuales empleados. Un aspecto clave para interpretar correctamente estos c…

Timeline

  • 2026-03-01 — Doxing operation targets judges and prosecutors: Personal data of hundreds of Spanish judges and prosecutors was published, raising security concerns.
  • 2026-05-27 — Suspect arrested in Granada: The Spanish National Police arrested an individual responsible for leaking sensitive personal data of government employees.
  • 2026-06-01 — Police announce ongoing investigation: Authorities confirmed the investigation is open to identify additional participants involved in the data leak.

Related entities

  • Data Breach (Attack Type)
  • Phishing (Attack Type)
  • Civil Guard (Company)
  • Incibe (Company)
  • Ministry Of Finance (Company)
  • National Police (Company)
  • National Security Council (Company)
  • Public Prosecution Service (Company)
  • State Attorney General's Office (Company)
  • State Attorney's Office (Company)
  • Spain (Country)
  • T1566 - Phishing (Mitre Attack)
  • T1567 - Exfiltration Over Web Service (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed