-
Spanish National Police arrested a suspect recently in Granada for exposing personal information of employees in top government institutions.
-
Investigators said the database which the bad actor leaked created an “immediate risk” to the personnel’s safety and even the government parastatals they work under.
-
The arrest is part of the wide crackdown by law enforcement in Spain due to data leaks that targets political interests in the country.
Spanish authorities have arrested an individual who was allegedly carrying out a massive doxing campaign which exposed sensitive personal information that belonged to many employees in different government institutions.
Based on Spain’s National Police reports, the information that the individual leaked belonged to employees who are under important government offices like the State Attorney’s Office, even the National Police, the Civil Guard, and the Ministry of Finance.
Also some of the employees work under the national tax agency, National Cybersecurity Institute (INCIBE), and the National Security Council,
Investigators went into action after they found a sensitive data leak which authorities said posed a serious immediate threat to both the individuals whose personal data was at risk and the institutions they work under.
The individual who carried out the attack is 16 years old and lives in Granada province, and the officers went to the residence to search after they got a warrant to do so from the court. They found and collected his computer equipment so that experts in forensic can carry out analysis for evidence.
The Search by the Police Brought Out Digital Evidence and Led to the Arrest
When the Spanish National Police officers searched the residence of the suspect in Granada province, they were able to seize many technological devices plus computer systems which they believe could have the key evidence that links the suspect to the data leak.
Authorities have not shared the full identity of the suspect but mentioned that specialists in forensics are checking the equipment they grabbed from the resident so they can conclude about the origin of the leak, the scope it covered and how the suspect distributed the data.
Currently, the investigation is still ongoing and authorities aim to establish whether there are other individuals who took part in gathering the data, processing and distributing them to the interested parties.
There is also another angle that officials want to check, i.e. if the leak was part of a larger network of bad actors who are working together to gather and share personal data from government databases or from other sources.
Before now, law enforcement agencies didn’t tolerate doxing and saw it as a serious cybercrime because once an information about someone enters the online circle, it remains there and any opportunistic cybercriminals can weaponize it against the owner long after the first time of publishing it was published.
Unfortunately, even if the owner manages to remove it from one platform, it might still be in play as many hackers might be circulating it through different encrypted messaging services, via some underground forums, & file-sharing channels.
The ongoing forensic review of the devices belonging to the suspect will help the investigators to know how the 16-year-old got the data and whether there was unauthorized access in the process. They also will determine if more individuals might have become victims in this case.
Arrest Reflects Spain’s Broader Crackdown on Politically Motivated Data Leaks
Before this arrest there had been many investigations looking into data leaks targeting top political figures & public officials in Spain. In July 2025, Spanish authorities arrested two suspects that were sharing personal information belonging to top shots in the government.
The three reported were Prime Minister Pedro Sánchez, and another victim, Congress President Francina Armengol. Also, bad actors leaked information belonging to Catalan President Salvador Illa, some journalists, and many other important figures.
According to what investigators uncovered in that leak, the bad actors shared the victims’ phone numbers, their identification documents, and residential addresses. They also shared the data related to their emails.
Authorities then revealed that these attackers used Telegram channels & some online communities that have many followings to share the data. The issues raised concerns about the level of coordinated harassment & political intimidation campaigns cybercriminals carry out.
Notably, the Spanish police have continued to warn the residents that criminals can use the personal information hackers leak to affect operations of government parastatals, threaten influential employees in these institutions, extort them and even launch an attack against democratic institutions.
Investigators also have the opinion that the doxing campaigns in these modern times stem from data which the perpetrators get from previous breaches, illicit databases, & cybercriminal marketplaces.
Spain has seen other teenage hackers involved in data breaches. A teen hacker was arrested for allegedly selling 64 million citizens’ data on the dark web, showing the scale of youth involvement in cybercrime.
This latest arrest of the hacker in Motril, Granada, shows the efforts that the Spanish authorities are making to combat harassment and data exposure incidents taking place online.
Authorities say this operation remains open as investigators attempt to uncover other people who participated in these leaks and hopefully, dismantle the networks that shared the sensitive information.
