Spanish National Police arrested a man in Granada for allegedly publishing sensitive personal data belonging to personnel from several high-profile state institutions, including the National Police, Civil Guard, Attorney General’s Office, National Security Council, and Spain’s National Cybersecurity Institute (INCIBE). Authorities said the information was disseminated across multiple online platforms, creating immediate risks to both the affected individuals and the operational security of the agencies involved.
The investigation, led by Madrid’s Court of Instruction No. 22, culminated in the suspect’s arrest on May 27 and a search of his home, where police seized computers and other electronic devices for forensic analysis. Officials described the breach as a large-scale exposure that could facilitate harassment, threats, extortion, or coordinated targeting of government workers, and said the inquiry remains active to determine the full scope of the leak and whether additional participants were involved.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
Authorities said personal data tied to personnel from multiple sensitive Spanish state institutions, including police, prosecutors, national security, and cybersecurity bodies, was published across several online platforms. Investigators assessed the disclosure as creating serious security risks for affected officials and institutions.
On 2026-05-27, the Spanish National Police arrested a man in Granada suspected of leaking the sensitive personnel data. Officers searched his home and seized computers and other electronic devices for forensic analysis as part of an ongoing investigation led by Madrid’s Court of Instruction No. 22.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
scworld.com
Open sourcehelpnetsecurity.com
Open sourcetherecord.media
Open sourcepolicia.es
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.