Spanish Police Arrest Doxer Who Leaked Sensitive Data of Government Employees
What Happened — Spanish National Police detained an individual responsible for publishing personal data of employees from the State Attorney General’s Office, INCIBE, the National Police, the Civil Guard, and the National Security Council. The leak, attributed to the “Police‑ESP‑Doxed” group, included names, ID numbers, phone numbers, and email addresses, some of which were outdated.
Why It Matters for TPRM —
- Exposure of government personnel data creates direct national‑security risks and can be leveraged for targeted attacks.
- Third‑party vendors that process or store government data may inherit the same exposure if the compromised records include contractor information.
- The incident highlights the need for continuous monitoring of open‑source intelligence (OSINT) leaks that can surface legacy breaches.
Who Is Affected — Government agencies (national security, law enforcement, judicial bodies) and any third‑party service providers handling their personnel data.
Recommended Actions —
- Verify that any vendors with access to Spanish government personnel data have robust data‑handling and breach‑notification procedures.
- Conduct a forensic review of any shared data repositories for signs of prior exposure.
- Enhance monitoring of OSINT feeds and breach‑forum postings for early detection of data dumps.
Technical Notes — The leak appears to have been compiled from older breaches, credential dumps, and publicly available OSINT tools rather than a direct system compromise. No evidence of a technical breach of the agencies’ networks was disclosed. Source: BleepingComputer