Cyber Incident Victim: Ministerio de Defensa de España

Date:

Jan 2025

Location:

Spain

Summary

A large data breach exposed personal information of approximately 160,000 Guardia Civil officers, military personnel, and Spanish Ministry of Defense staff; the attackers published names and email addresses on a cybercrime forum. The leak may originate from a third-party medical services provider for defense personnel that was itself breached earlier, though the investigation into the source is ongoing. The published data does not include the medical records or passwords taken in that earlier attack, but it still enables targeted phishing, impersonation of personnel, and threats against the individuals, their families, and the institutions they belong to.

Description

In January 2025, the Spanish government opened an investigation into a large-scale data breach exposing the identities of approximately 160,000 individuals associated with the Guardia Civil, the Armed Forces, and the Ministry of Defense. Cybercriminals published three databases on a forum dedicated to trading stolen data: two containing 109,000 records of Guardia Civil personnel in total and one containing 84,000 records from the Ministry of Defense. The exposed information consisted of the full names and email addresses of military personnel, security agents, and defense staff. The Center for Systems and Information and Communication Technologies (CESTIC), under the Ministry of Defense, began verifying the authenticity of the leaked data and assessing the scope of the breach. The incident followed an earlier one in April, in which an external medical provider for defense personnel, Medios de Prevención Externos Sur SL, was attacked and a similar volume of data was compromised, including mobile numbers, dates of birth, gender, job positions, and medical results.

Although the January breach did not contain the highly sensitive material present in the April incident, such as passwords or medical records, authorities investigated whether the two events were connected. The attackers' forum post notably left out the broader dataset stolen in the earlier provider breach. Security analysts pointed out that even names and email addresses allow identity impersonation, targeted phishing against military systems, and exposure of otherwise non-public affiliations with security institutions. The risk extends beyond the personnel themselves: criminals can spoof or reuse Guardia Civil email addresses to send fraudulent traffic-fine notices or fake police-investigation messages to civilians and defense contractors. The Ministry of Defense kept investigating alternative origins for the breach while acknowledging the operational security implications of exposing personnel identities at this scale.
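As an added example (not code from the original page, from CESTIC, or from the Ministry of Defense), the following Python script shows the first triage steps an investigating team runs on name/email dumps like the three described above: normalize and deduplicate addresses across the files (record counts summed across dumps overstate the number of distinct individuals whenever the same person appears in more than one), break the merged set down by mail domain to see which institutions are affected, and intersect it with the address list from an earlier breach to test whether the two leaks share a source. All file contents, names, and domains below are constructed for illustration; none is real leaked data.

```python
"""Triage of leaked name/email dumps: normalize, deduplicate across files,
summarize by domain, and measure overlap with an earlier breach.

Added example, not code from the original page or from CESTIC / the Ministry
of Defense. Every address, name and domain here is constructed for illustration.
"""
import re
from collections import Counter

# Loose syntactic check: one '@', no whitespace, a dot in the domain part.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def normalize_email(raw):
    """Lower-case and trim an address; return None if it is not a single address."""
    s = raw.strip().lower()
    return s if EMAIL_RE.match(s) else None


def parse_dump(text):
    """Parse 'name, email' lines into {normalized_email: name}, skipping comments,
    blank lines and rows without a usable address."""
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) < 2:
            continue
        email = normalize_email(parts[-1])
        if email:
            records[email] = parts[0]
    return records


def merge_dumps(dumps):
    """Union of several parsed dumps keyed by email; the same address in two
    files collapses to one individual."""
    merged = {}
    for d in dumps:
        merged.update(d)
    return merged


def domain_breakdown(emails):
    """Count addresses per mail domain (which institution each belongs to)."""
    return Counter(e.rsplit("@", 1)[1] for e in emails)


def overlap(current, prior):
    """Addresses present in both the new dump and a prior breach dataset."""
    return set(current) & set(prior)


def triage(dump_texts, prior):
    """Run the full triage and return the figures an investigator reports."""
    dumps = [parse_dump(t) for t in dump_texts]
    merged = merge_dumps(dumps)
    return {
        "records_per_dump": [len(d) for d in dumps],
        "total_records": sum(len(d) for d in dumps),
        "unique_individuals": len(merged),
        "domains": dict(domain_breakdown(merged)),
        "overlap_with_prior": sorted(overlap(merged, prior)),
    }


# Constructed sample dumps: three files, as in the incident, with deliberate
# cross-file duplicates, mixed-case addresses and one malformed row.
DUMP_A = """# gc dump 1
Ana Pérez, a.perez@gc.example
Luis Gómez, L.GOMEZ@gc.example
Marta Ruiz, m.ruiz@gc.example
"""
DUMP_B = """# gc dump 2
Luis Gómez, l.gomez@gc.example
Pedro Sanz, p.sanz@gc.example
bad line without email
"""
DUMP_C = """# defense dump
Marta Ruiz, m.ruiz@defensa.example
Ana Pérez, a.perez@gc.example
Carlos Vidal, c.vidal@defensa.example
"""
# Constructed address list standing in for the earlier provider breach.
PRIOR_BREACH = {"l.gomez@gc.example", "c.vidal@defensa.example", "x.nobody@other.example"}

if __name__ == "__main__":
    for key, value in triage([DUMP_A, DUMP_B, DUMP_C], PRIOR_BREACH).items():
        print(f"{key}: {value}")
```

On the constructed input the three files hold 3, 2 and 3 usable records (8 in total) but only 6 distinct individuals, and two of those addresses also appear in the prior breach set. In a real investigation the prior-breach list would be compared as salted hashes rather than plaintext addresses, so that the comparison itself does not spread the leaked data further.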
