Spain’s Ministry of Science Hit by Cyberattack, Disrupting Research and Education Services
A cyberattack on Spain’s Ministry of Science, Innovation and Universities has triggered a partial shutdown of critical government IT systems, halting administrative procedures and exposing sensitive data. Initially dismissed as a "technical incident," evidence now confirms the disruption stemmed from a malicious breach, with potential consequences for researchers, students, and businesses nationwide.
The ministry acknowledged the outage in a public notice, suspending all ongoing procedures and extending deadlines under Article 32 of Law 39/2015 until systems are restored. While officials emphasized safeguards for affected users, the lack of early transparency fueled concerns, which were later amplified when a threat actor, "GordonFreeman," claimed responsibility on underground forums.
The attacker alleged exploiting an Insecure Direct Object Reference (IDOR) vulnerability to gain "full-admin-level access," sharing unverified screenshots of internal documents, email addresses, and enrollment records. Spanish media reported that the ministry linked the disruption to a cyberattack, though the extent of the breach remains under investigation. The leaked samples, including scanned IDs, passports, IBAN numbers, academic transcripts, and personal curricula, suggest severe privacy risks if confirmed.
Spain’s cybercrime surge compounds the incident’s impact. With attacks rising 35% this year and a 750% spike in early 2025, the country became the most targeted globally in March 2025, accounting for 22.6% of all cyber incidents. Ransomware attacks, up 120%, increasingly target underprotected public institutions, exacerbated by rapid digital expansion outpacing cybersecurity investments.
The breach underscores vulnerabilities in Spain’s public-sector infrastructure, where weak defenses turn digital services into liabilities. As the ministry works to contain the fallout, the incident highlights broader systemic gaps in national cybersecurity.
Source: https://thecyberexpress.com/spain-ministry-of-science-cyberattack/
Ministry of Science and Innovation of Spain cybersecurity rating report: https://www.rankiteo.com/company/cienciagob
"id": "CIE1770374017",
"linkid": "cienciagob",
"type": "Cyber Attack",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Researchers, students, '
                                              'businesses nationwide',
                        'industry': 'Education, Research, Public '
                                    'Administration',
                        'location': 'Spain',
                        'name': 'Spain’s Ministry of Science, Innovation and '
                                'Universities',
                        'type': 'Government Ministry'}],
 'attack_vector': 'Insecure Direct Object Reference (IDOR)',
 'customer_advisories': 'Public notice acknowledging outage and suspension of '
                        'procedures',
 'data_breach': {'data_exfiltration': 'Alleged (screenshots shared on '
                                      'underground forums)',
                 'file_types_exposed': ['Scanned IDs',
                                        'Passports',
                                        'IBAN numbers',
                                        'Academic transcripts',
                                        'Personal curricula'],
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Information',
                                              'Academic Records']},
 'description': 'A cyberattack on Spain’s Ministry of Science, Innovation and '
                'Universities has triggered a partial shutdown of critical '
                'government IT systems, halting administrative procedures and '
                "exposing sensitive data. Initially dismissed as a 'technical "
                "incident,' evidence now confirms the disruption stemmed from "
                'a malicious breach, with potential consequences for '
                'researchers, students, and businesses nationwide. The '
                'attacker exploited an Insecure Direct Object Reference (IDOR) '
                "vulnerability to gain 'full-admin-level access,' sharing "
                'unverified screenshots of internal documents, email '
                'addresses, and enrollment records. Leaked samples included '
                'scanned IDs, passports, IBAN numbers, academic transcripts, '
                'and personal curricula, suggesting severe privacy risks.',
 'impact': {'brand_reputation_impact': 'Severe',
            'data_compromised': 'Scanned IDs, passports, IBAN numbers, '
                                'academic transcripts, personal curricula, '
                                'email addresses, enrollment records',
            'identity_theft_risk': 'High',
            'operational_impact': 'Partial shutdown of critical systems, '
                                  'suspension of administrative procedures',
            'payment_information_risk': 'High',
            'systems_affected': 'Government IT systems, administrative '
                                'procedures'},
 'initial_access_broker': {'entry_point': 'Insecure Direct Object Reference '
                                          '(IDOR) vulnerability'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The breach underscores vulnerabilities in Spain’s '
                    'public-sector infrastructure, where weak defenses turn '
                    'digital services into liabilities. Rapid digital '
                    'expansion has outpaced cybersecurity investments, leaving '
                    'institutions underprotected against rising cyber threats.',
 'post_incident_analysis': {'root_causes': 'Insecure Direct Object Reference '
                                           '(IDOR) vulnerability, '
                                           'underprotected public-sector '
                                           'infrastructure, rapid digital '
                                           'expansion outpacing cybersecurity '
                                           'investments'},
 'references': [{'source': 'Underground forums (threat actor claim)'},
                {'source': 'Spanish media reports'}],
 'regulatory_compliance': {'regulations_violated': ['Law 39/2015 (Article '
                                                    '32)']},
 'response': {'communication_strategy': 'Public notice acknowledging outage',
              'containment_measures': 'Suspension of administrative '
                                      'procedures, extension of deadlines'},
 'threat_actor': 'GordonFreeman',
 'title': 'Spain’s Ministry of Science Hit by Cyberattack, Disrupting Research '
          'and Education Services',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Insecure Direct Object Reference (IDOR)'}