The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE).
According to authorities, the individual is responsible for a massive leak of personal data, which carried national security risks because of the people exposed.
The police notes that the published data was from the State Attorney General’s Office, INCIBE, the National Police, the Civil Guard, and the National Security Council, all critical entities in the country.
After identifying and locating the person responsible for the leak, the police raided their residence and seized computers and other electronic devices that could contain technical forensic evidence.
“The investigation, overseen by Madrid Investigative Court No. 22, began after authorities detected the mass dissemination of this data, which created an immediate risk to the security and integrity of both the affected individuals and the institutions themselves,” Spain’s National Police says.
“Given the seriousness of the situation, an urgent operation to locate and arrest the perpetrator was launched, culminating last Wednesday, May 27, with the arrest of the perpetrator and a search of his home.”
The police press release did not mention whether the same individual was also responsible for breaching the portals.
However, INCIBE posted in February about an ongoing doxing operation and stated that there was no direct compromise of their systems, but rather a targeted collection and publication of data impacting key entities and their employees.
Potential sources of such data include older breaches, credential dumps, and OSINT tools, with the data being aggregated and correlated to create curated collections.
Some leaked records reportedly contained outdated information and even the names of employees who had left INCIBE years earlier.
The threat group responsible for this leak was reportedly ‘Police-ESP-Doxed,’ who leaked it in one of BreachForum’s iterations available at the time.
Later, in March, the personal data of hundreds of Spanish judges and prosecutors was published on Doxbin, including full names, DNI numbers, personal mobile phone numbers, and professional email addresses.
The police are currently examining seized devices for evidence of additional participants, so more arrests may follow.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
