Spain Arrests Suspect in Doxing of Government Employees, Including Cybersecurity Institute Staff
Spanish National Police have arrested an individual for leaking sensitive personal data of government employees, impacting key state organizations like the National Cybersecurity Institute (INCIBE).
The Spanish National Police have apprehended an individual accused of leaking sensitive personal information belonging to members of critical state organizations, including the National Cybersecurity Institute (INCIBE). Authorities stated that the disseminated data posed significant national security risks due to the exposure of individuals within these vital government entities.
The leaked information originated from sensitive government bodies such as the State Attorney General's Office, INCIBE, the National Police, the Civil Guard, and the National Security Council. The investigation was initiated after the mass dissemination of this data was detected, creating an immediate threat to the security and integrity of the affected individuals and the institutions themselves.
Following the identification and location of the suspect, law enforcement conducted a raid on their residence, seizing computers and electronic devices that are expected to yield crucial forensic evidence. The operation culminated in the arrest of the perpetrator and a thorough search of their home.
While the police press release did not explicitly confirm if the arrested individual was also responsible for breaching the portals from which the data was exfiltrated, INCIBE had previously noted in February that a doxing operation was underway. At that time, INCIBE stated that their systems had not been directly compromised, but rather that data impacting key entities and their employees was being systematically collected and published.
Security analysts suggest that the data could have been sourced from older data breaches, credential dumps, or through extensive open-source intelligence (OSINT) gathering. The information was likely aggregated and correlated to create targeted collections for doxing purposes. Some of the leaked records reportedly contained outdated information, including the names of individuals who had left INCIBE years prior.
The threat group reportedly associated with this leak was 'Police-ESP-Doxed,' which disseminated the data through one of the iterations of the BreachForum. This incident follows a similar event in March where personal data of hundreds of Spanish judges and prosecutors, including full names, national identification numbers, personal phone numbers, and professional email addresses, was published on Doxbin.
Investigators are currently examining the seized electronic devices for evidence of further accomplices or additional malicious activities. The ongoing examination may lead to more arrests as the full scope of the operation and the extent of any potential network breaches are uncovered.
The investigation underscores the persistent threat of doxing and data leaks targeting government personnel and critical infrastructure, highlighting the need for robust data protection measures and continuous monitoring of potential information exfiltration channels.