A new cybersecurity scandal is erupting in Spain: the personal data of dozens of high-ranking officials has been made public. Hackers operating under various pseudonyms published information about politicians and transport agency leaders, stating this was their response to the railway tragedy in Adamuz (Adamuz). Authorities have already launched an investigation, but it remains unclear how the perpetrators gained access to such sensitive information.
Those affected include not only members of the ruling party, but also heads of regional administrations and executives of major state-owned companies. Among them are Madrid president Isabel Díaz Ayuso, Andalusia leader Juan Manuel Moreno Bonilla, as well as ministers and top managers of Renfe and Adif. The hackers did not stop at names—addresses, phone numbers, passport details, and even personal email addresses were leaked online.
Chain of attacks
The attack unfolded in several stages. First, under the nickname Vindex, personal details about transport ministers and railway company directors appeared online. Then another hacker, using the alias Eurogosth, released data on regional leaders—ranging from Madrid to Navarre and the Basque Country. This time, the list included even those not directly connected to the transport disaster.
Special attention was drawn to a Telegram post where hackers published entire databases. Similar incidents have occurred before: last year, information about the country’s president, defense and foreign ministers, as well as intelligence agency employees, was leaked online. At the time, authorities promised to strengthen security, but it appears vulnerabilities remain.
Young and Dangerous
Most participants in such attacks are young people who are tech-savvy and unafraid to take risks. They use private forums and messengers to exchange information, sometimes even turning it into a competition to see who can hack a database first. This time, the attack was motivated by a railway tragedy, which hackers called ‘criminal negligence’ by officials.
Last year, police arrested two young people in the Canary Islands on suspicion of a similar attack. Back then, ministers’ addresses and phone numbers, as well as data on parliament members and regional leaders, were leaked online. Despite the arrests, the wave of cyberattacks shows no sign of stopping, and hackers’ methods are becoming increasingly sophisticated.
Authorities’ Response
The Spanish authorities have found themselves in a difficult situation. On one hand, there is an urgent need to find those responsible and prevent further leaks. On the other, the public demands transparency and explanations as to why the personal data of state officials was so vulnerable. Cybersecurity issues have once again come to the forefront, and trust in information security systems has been put at risk.
The investigation is just beginning, but it is already clear: the problem goes beyond a single leak. Hackers continue to look for new targets, while officials search for ways to protect themselves and their families. As cyberattacks become part of the political struggle, Spain faces a challenge that cannot be ignored.
