Spanish Police Arrest Hacker Linked to Massive Government Data Leak Spanish authorities have detained a hacker in Granada suspected of leaking sensitive personal data belonging to officials from key government institutions. The arrest, made last week, follows an investigation into the online publication of private information tied to members of the National Police, Civil Guard, Attorney General’s Office, National Security Council, and Spain’s National Cybersecurity Institute (INCIBE). During a search of the suspect’s home, police seized computer equipment and electronic devices for forensic analysis. The leaked data, posted across multiple online platforms, is believed to pose significant risks, including harassment, threats, extortion, and targeted attacks against affected individuals and their agencies. The investigation remains active as authorities work to determine whether additional accomplices were involved or if a broader network facilitated the data’s dissemination. Neither the suspect’s identity nor a motive has been disclosed. This arrest follows a separate case earlier this year, in which a 19-year-old was detained for allegedly stealing and selling 64 million personal records from nine companies. Authorities have not confirmed any connection between the two incidents.

In August 2025, the State Attorney General’s Office detected a cybersecurity incident involving unauthorized access to files containing personal data, including names, Social Security numbers, and medical information. While the investigation found no evidence of misuse or attempted misuse of the compromised data, the breach exposed sensitive information of an undisclosed number of individuals. The office engaged cybersecurity experts, implemented additional security measures, and reported the incident to the FBI. Affected individuals were notified in November 2025 and offered identity protection services. The breach underscores vulnerabilities in handling personally identifiable information (PII), though no financial fraud, public disclosure, or systemic disruption was confirmed. The office emphasized its commitment to privacy and urged affected parties to monitor financial accounts and credit reports for suspicious activity.