Spanish National Police have arrested a suspect accused of leaking sensitive personal information belonging to employees of several key government institutions, including cybersecurity, law enforcement, and national security agencies. Authorities said the disclosures created significant national security concerns due to the nature of the organizations affected.
According to investigators, the suspect allegedly published personal data connected to employees of the National Cybersecurity Institute (INCIBE), the National Police, the Civil Guard, the National Security Council, and the State Attorney General’s Office. The leaked information reportedly included details that could be used to identify and potentially target personnel working in sensitive government roles.
Spanish authorities described the incident as a large-scale doxing operation. Doxing involves the unauthorized publication of personal information about individuals, often with the intent to intimidate, harass, or expose them. In this case, officials said the leaked data concerned personnel from organizations responsible for national security, cybersecurity operations, law enforcement, and criminal investigations.
The arrest follows an investigation conducted by specialized cybercrime units within the Spanish National Police. Investigators traced the activity to a single suspect who is believed to have played a central role in obtaining and distributing the information online. Authorities have not publicly disclosed the identity of the individual or detailed exactly how the data was acquired.
Officials have also not confirmed how many people were affected by the leaks. However, police said the exposed information related to multiple government organizations and carried risks beyond ordinary privacy violations because of the positions held by many of the victims. Employees of cybersecurity agencies, law enforcement bodies, and national security institutions are often considered higher-risk targets for harassment, intimidation campaigns, and further cyberattacks.
The case adds to a series of recent investigations in Spain involving the theft and disclosure of sensitive personal information. Over the past year, Spanish authorities have arrested several individuals accused of leaking or selling data obtained from government agencies, companies, journalists, and public officials.
Under Spanish law, the unauthorized acquisition, disclosure, or distribution of personal information can carry significant criminal penalties. The Spanish Criminal Code provides prison sentences for obtaining private data without authorization and for disseminating that information to third parties, with harsher penalties possible when the disclosures affect sensitive information or public institutions.
Police have not announced whether additional arrests are expected as part of the investigation. Authorities said digital evidence seized during the operation is being examined to determine the full scope of the leaks, identify potential accomplices, and establish whether any additional datasets were obtained or distributed.