The Spain Ministry of Science cyberattack has caused a partial shutdown of government IT systems, disrupting services used daily by researchers, universities, students, and businesses across the country. While officials initially described the issue as a “technical incident,” boarding evidence and confirmations from Spanish media now point to a cyberattack involving potentially sensitive academic, personal, and financial data. The Ministry of Science, Innovation and Universities plays a central role in Spain’s research and higher education ecosystem. Any disruption to its digital infrastructure has wide-reaching consequences, making this incident far more serious than a routine systems outage.

Official Notice Confirms System Closure and Suspended Procedures

In a public notice published on its electronic headquarters, the ministry acknowledged the disruption and announced a temporary shutdown of key digital services. “As a result of a technical incident that is currently being assessed, the electronic headquarters of the Ministry of Science, Innovation and Universities has been partially closed.” The notice further stated: “All ongoing administrative procedures are suspended, safeguarding the rights and legitimate interests of all persons affected by said temporary closure, resulting in an extension of all deadlines for the various procedures affected.” The ministry added that deadline extensions would remain in place “until the complete resolution of the aforementioned incident occurs,” citing Article 32 of Law 39/2015. While procedural safeguards are welcome, the lack of early transparency around the nature of the incident raised concerns among affected users.

Spain Ministry of Science Cyberattack: Hacker Claims 

Those concerns intensified when a threat actor using the alias “GordonFreeman” appeared on underground forums claiming responsibility for the Spain Ministry of Science cyberattack. The attacker alleged that they exploited a critical Insecure Direct Object Reference (IDOR) vulnerability, granting “full-admin-level access” to internal systems. Data samples shared online—though not independently verified—include screenshots of official documents, email addresses, enrollment applications, and internal records. Spanish media outlet OKDIARIO reported that a ministry spokesperson confirmed the IT disruption was linked to a cyberattack and that the electronic headquarters had been shut down to assess the scope of the data breach. Although the forum hosting the alleged leak is now offline and the data has not resurfaced elsewhere, the screenshots appear legitimate. If confirmed, this would represent a serious breakdown in access control protections.

Alleged Data Exposure Raises Serious Privacy Concerns

According to claims made by the attacker, the stolen data includes highly sensitive information related to students and researchers, such as:

• Scanned ID documents, NIEs, and passports
• Email addresses
• Payment receipts showing IBAN numbers
• Academic records, including transcripts and apostilled degrees
• Curricula containing private personal data

If even a portion of this data is authentic, the Spain Ministry of Science cyberattack could expose thousands of individuals to identity theft, financial fraud, and long-term privacy risks. Academic data, in particular, is difficult to replace or invalidate once leaked.

Spain’s Growing Cybercrime Problem

This Spain Ministry of Science cyberattack incident does not exist in isolation. Cybercrime now accounts for more than one in six recorded criminal offenses in Spain. Attacks have increased by 35% this year, with more than 45,000 incidents reported daily. Between late February and early March, attacks surged by 750% compared to the same period last year. During the week of 5–11 March 2025, Spain was the most targeted country globally, accounting for 22.6% of all cyber incidents—surpassing even the United States. Two factors continue to drive this trend. Rapid digital transformation, fueled by EU funding, has often outpaced cybersecurity investment. At the same time, ransomware attacks—up 120%—have increasingly targeted organizations with weak defenses, particularly public institutions and SMEs. The Spain Ministry of Science cyberattack stresses a hard truth, digital services without strong security become liabilities, not efficiencies. As public administrations expand online access, cybersecurity can no longer be treated as a secondary concern or an afterthought. Until Spain addresses systemic gaps in public-sector cybersecurity, incidents like Spain Ministry of Science cyberattack will continue, not as exceptions, but as warnings ignored too long.