The Spanish Ministry of Science, Innovation and Universities (Ministerio de Ciencia, Innovación y Universidades) has temporarily closed its electronic headquarters and key online systems following a suspected cyberattack, leading to concerns about the potential exposure of sensitive personal data.

The disruption began on February 3, 2026, when users attempting to access the ministry’s online platform were met with a notice explaining that digital services were closed due to a “technical incident” while authorities evaluated the situation. The ministry has since confirmed that the shutdown is connected to a security breach and assured the public that all ongoing administrative procedures have been suspended temporarily, with deadlines extended to protect those affected.

Claims of Stolen Data

An individual or group using the alias “GordonFreeman” – a reference to a fictional character from a popular video game – has claimed responsibility for the breach and announced on underground cybercrime forums that they illegally accessed and copied data from the ministry’s systems.

According to screenshots circulated by the alleged hacker, the stolen information supposedly includes:

• Scanned national identity documents (DNI or NIE)
• Scanned passports
• Email addresses connected to ministry accounts
• Financial records, including bank details like IBAN numbers
• Academic documents such as transcripts, certifications, and course plans

The threat actor claims to be offering these data sets for sale on illicit markets, drawing alarm from cybersecurity experts who warn of the heightened risk of identity theft and fraud if the claims are true.

Government Response and Investigation

Spanish authorities, including the State Agency for Digital Administration and the National Cryptologic Center, are reportedly investigating the full scope and impact of the intrusion. While the ministry has not publicly detailed exactly how the breach occurred, external cybersecurity reporting suggests the attacker may have exploited a known type of vulnerability that allows unauthorized users to access sensitive information by manipulating object references in a web application.

Officials say they are working to assess which systems were compromised and to strengthen network defenses, but as of now, the electronic headquarters remains offline as part of the containment process.

Broader Context of Rising Cyber Threats

This incident is the latest in a series of high-profile cyber threats affecting both public and private sectors in Spain. Recent analyses indicate that attacks targeting essential services and government infrastructure have been increasing steadily, highlighting the growing challenge of protecting digital data in an interconnected era.

For now, students, researchers and other stakeholders who interact with the ministry’s systems must wait for official updates, and anyone worried about possible exposure of their personal data may need to monitor their accounts for suspicious activity.