A massive leak of personal data has affected 47 public officials from up to fifteen autonomous communities in Spain. The security breach was detected on a portal specializing in the illicit publication of personal information and has put state cybersecurity services on alert.
Sensitive Data Exposed and Warning of New Leaks
Among those affected are top political leaders such as Isabel Díaz Ayuso, Juan Manuel Moreno Bonilla, María Guardiola, Alfonso Fernández Mañueco, Imanol Pradales, Carlos Mazón, María Chivite, and Jorge Azcón. The compromised data varies by case and includes email addresses, mobile phone numbers, national identity documents, full postal addresses, vehicle license plates, bank account numbers, and references to domestic utilities such as gas meters
The alleged perpetrator of the attack identifies himself online with the alias "Eurogosth". He has spread intimidating messages aimed at politicians from different communities and warns of a possible second phase in which more personal data, including information about family members, could appear. The message spread by the attacker includes ideological references and a threatening tone.
Police Investigation and Recent Context
The National Police and the State's cybersecurity services have opened proceedings to identify those responsible for the attack. Among those affected are officials from PSOE, PP, PNV, and Coalición Canaria, while no representatives from Vox are listed.
This episode occurs just hours after another incident in which personal data of the Minister of Transport, Óscar Puente, the Secretary of State for Transport, José Antonio Santano, the President of Renfe, Álvaro Fernández Heredia, and the President of Adif, Luis Pedro Marco de la Peña, were leaked. The author of that previous attack, identified as "Vindex," disseminated identity documents, phone numbers, and addresses through forums specializing in computer hacking. According to the preliminary investigation, the motivation for that attack would be related to the railway accident that occurred in Adamuz, in which 45 people died.
Institutional Reaction and Risk Assessment
The National High Court investigated the previous events under the classification of cyberterrorism, a criminal offense that could be reapplied if the intimidating or destabilizing intent of this new leak is confirmed. From various government sectors, there is an insistence on the need to strengthen data protection systems and improve coordination between administrations to prevent new security breaches.
The impact of these attacks on the personal security of public officials and citizen trust in institutions is currently being assessed. The alert remains in effect throughout the territory, and cybersecurity teams are working to contain the spread of the leaked data.