Cyberattack on Spain’s Ministry of Science Disrupts Key Services
A recent cyberattack on Spain’s Ministry of Science has resulted in a significant disruption of government IT systems, affecting daily operations for researchers, universities, students, and businesses nationwide. Initially labeled as a “technical incident,” further investigations and reports from Spanish media have confirmed it as a cyberattack, potentially compromising sensitive academic, personal, and financial data.
Announcement of System Shutdown and Suspended Services
The Ministry of Science, Innovation, and Universities, pivotal in Spain’s research and higher education landscape, released a notice stating that key digital services would undergo a temporary suspension. This closure is a serious matter, pointing to the far-reaching impacts of the disruption beyond a typical systems outage.
In an official announcement, the ministry stated, “Due to a technical incident that is being evaluated, the electronic headquarters of the Ministry has been partially closed.” It also mentioned that “all ongoing administrative procedures are suspended, ensuring the protection of the rights and legitimate interests of all individuals affected, which will result in an extension of all relevant deadlines.” This approach aims to maintain transparency and protect users, even as concerns about the incident’s nature surfaced.
Claim of Responsibility for the Cyberattack
Concerns deepened when a hacker known as “GordonFreeman” claimed responsibility on underground forums, asserting they had exploited a critical Insecure Direct Object Reference (IDOR) vulnerability to gain extensive administrative access to internal systems. IDOR is an access-control flaw in which an application accepts a user-supplied reference to an internal object, such as a record ID, without checking that the requester is authorized to access it. The hacker shared alleged data samples, including screenshots of documents and email addresses, as potential evidence of the breach. Although these claims have yet to be independently verified, a spokesperson from the ministry confirmed that the IT disruption was indeed connected to this cyberattack, leading to heightened scrutiny.
Implications of Exposed Data
Claims made by the attacker suggest that the stolen data encompasses extremely sensitive information about students and researchers. This includes:
- Scanned identification documents such as NIEs and passports
- Email addresses
- Payment receipts with IBAN numbers
- Academic records, including transcripts and validated degrees
- Curricula containing personal data
If this data is confirmed as authentic, the implications could be dire, exposing countless individuals to risks of identity theft, financial fraud, and long-lasting privacy infringements. Academic information, due to its personal nature, poses unique challenges for those impacted, making it difficult to rectify or invalidate once leaked.
The Growing Cybercrime Landscape in Spain
This cyberattack is part of a broader trend of rising cybercrime in Spain. Cyber-related offenses now represent over 16% of all recorded crime in the country. Reports indicate a staggering 35% increase in attacks this year, with approximately 45,000 incidents recorded daily. Notably, between late February and early March, incidents surged by 750% compared to the previous year.
During the week of March 5 to March 11, 2025, Spain emerged as the most-targeted nation globally, accounting for nearly 22.6% of all cyberattacks, surpassing even the United States. Two main factors contribute to this concerning trend: a rapid digital transformation, often outpacing investments in cybersecurity, and a notable rise in ransomware attacks (up 120%), particularly targeting organizations with inadequate defenses, such as public institutions and small to medium enterprises (SMEs).
Urgent Need for Enhanced Cybersecurity Measures
The incident involving the Ministry of Science underscores a critical reality: digital services lacking robust security measures can transform from assets into liabilities. As public sector services increasingly shift online, cybersecurity must be prioritized rather than treated as secondary. The ongoing vulnerability highlighted by this incident serves as a stark reminder that systemic gaps in public-sector cybersecurity need urgent attention; otherwise, incidents like this will continue to recur, threatening both individual and institutional security.


