Spanish Ministry of Science Hit by Cyberattack, Disrupting Critical Services
Spain’s Ministry of Science, Innovation, and Universities (Ministerio de Ciencia, Innovación y Universidades) has partially shut down its IT systems following a suspected cyberattack, disrupting key services for researchers, universities, and students. The ministry, which oversees science policy, research, and higher education, confirmed a "technical incident" but provided no further details. However, a threat actor claiming responsibility has leaked data samples as proof of the breach.
The ministry’s electronic headquarters remains partially offline, suspending administrative procedures while extending deadlines for affected users under Spanish law. A notice on its website assures that measures are in place to protect the rights of those impacted.
The attack has been linked to a threat actor using the alias GordonFreeman, who posted stolen data on underground forums, including personal records, email addresses, enrollment applications, and screenshots of official documents. The hacker claims to have exploited an Insecure Direct Object Reference (IDOR) vulnerability, gaining admin-level access to the ministry’s systems. While the leaked data appears legitimate, its authenticity remains unverified.
The forum hosting the breach details has since gone offline, and no further leaks have surfaced. Spanish media reports indicate that the ministry has acknowledged the disruption as a cyberattack, though no official statement on the attacker’s claims has been released. The incident highlights growing risks to government systems handling sensitive research and administrative data.
Ministry of Science and Innovation of Spain cybersecurity rating report: https://www.rankiteo.com/company/cienciagob
"id": "CIE1770330826",
"linkid": "cienciagob",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'Researchers, universities, '
'students',
'industry': 'Government, Education, Research',
'location': 'Spain',
'name': 'Ministerio de Ciencia, Innovación y '
'Universidades (Spanish Ministry of Science, '
'Innovation, and Universities)',
'type': 'Government Ministry'}],
'attack_vector': 'Insecure Direct Object Reference (IDOR)',
'customer_advisories': 'Notice on ministry website regarding extended '
'deadlines and protection of rights',
'data_breach': {'data_exfiltration': 'Yes (leaked on underground forums)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information, administrative data)',
'type_of_data_compromised': ['Personal records',
'Email addresses',
'Enrollment applications',
'Official documents']},
'description': 'Spain’s Ministry of Science, Innovation, and Universities '
'(Ministerio de Ciencia, Innovación y Universidades) has '
'partially shut down its IT systems following a suspected '
'cyberattack, disrupting key services for researchers, '
'universities, and students. The ministry confirmed a '
"'technical incident' but provided no further details. A "
'threat actor claiming responsibility has leaked data samples '
'as proof of the breach.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data leak',
'data_compromised': 'Personal records, email addresses, enrollment '
'applications, official documents',
'downtime': 'Partial shutdown, administrative procedures suspended',
'identity_theft_risk': 'High (personal records and PII exposed)',
'operational_impact': 'Disruption of key services for researchers, '
'universities, and students',
'systems_affected': 'Ministry’s IT systems, electronic '
'headquarters'},
'initial_access_broker': {'entry_point': 'Insecure Direct Object Reference '
'(IDOR) vulnerability',
'high_value_targets': 'Admin-level access to '
'ministry systems'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': 'Insecure Direct Object Reference '
'(IDOR) vulnerability'},
'references': [{'source': 'Underground forums (now offline)'},
{'source': 'Spanish media reports'}],
'response': {'communication_strategy': 'Notice on website assuring protection '
"of affected users' rights, extension "
'of deadlines',
'containment_measures': 'Partial shutdown of IT systems, '
'suspension of administrative '
'procedures'},
'threat_actor': 'GordonFreeman',
'title': 'Spanish Ministry of Science Hit by Cyberattack, Disrupting Critical '
'Services',
'type': 'Data Breach',
'vulnerability_exploited': 'Insecure Direct Object Reference (IDOR)'}