A large-scale cyberattack on the education system of Castilla-La Mancha has raised serious concerns across Spain. The actions of the attackers put the personal data of millions of families, students, and educators at risk. This incident not only exposed vulnerabilities in digital platforms but also forced authorities to urgently reconsider information security approaches in the education sector.
Arrests and investigation details
Two young men, detained in Valencia and Torreblanca (Castellón), are suspected of involvement in a series of cyberattacks in which nearly 10 million confidential records were stolen. According to El Pais, these involve data belonging to parents, students, and staff of educational institutions. Investigators determined that those detained already had experience with such crimes and were part of an organized group responsible for at least thirty attacks on various systems.
The investigation revealed that the perpetrators used a complex technical infrastructure and professional equipment. They carefully anonymized their activities to avoid detection. After stealing the information, the data was sold on underground internet forums and also used for fraud and identity theft.
Authorities’ response and new measures
Authorities in Castilla-La Mancha responded to the incident by introducing two-factor authentication for all users of educational platforms. According to regional Education Minister Amador Pastor, these measures are expected to enhance the protection of personal data. Meanwhile, the investigation is ongoing: those detained have already appeared in court in Zaragoza, where they face charges of revealing secrets, damaging information systems, money laundering, and participating in a criminal organization.
To legitimize profits from the sale of stolen data, the criminals used cryptocurrencies and international exchange services. Police report that their network spanned several European countries, complicating the process of tracking financial flows. Units from Valencia, Madrid, and Castellón participated in the operation to apprehend the suspects.
Impact on society
Experts note that such crimes are becoming increasingly common, with many perpetrators starting their activities as teenagers by learning on specialized forums. In recent years, the number of attacks on Spain’s critical infrastructure has risen significantly. According to the latest cybercrime report, as many as 160 attacks on key facilities—including transport, energy, and the financial sector—were recorded in 2024 alone. Most incidents involved service outages or data breaches.
The transport sector turned out to be the most vulnerable, accounting for more than a third of all attacks. It is followed by financial and tax institutions, as well as the energy sector. This surge in incidents is prompting both government bodies and private companies to invest in cybersecurity and review their internal data protection protocols.
Context and trends
Digital security issues in Spanish schools and universities have been under discussion for several years. Recently, the government announced the launch of its own artificial intelligence system for educational institutions to reduce the risk of data leaks and strengthen oversight of data processing. As the russpain.com analysisshows, the introduction of new technologies is accompanied by stricter regulations and additional security measures.
As El Pais notes, the investigation of the cyberattack in Castilla-La Mancha has become one of the largest in the region’s history. In recent years, Spain has faced similar incidents: in 2025, a major data breach occurred at a Madrid hospital, and in 2024 an attack on a transport company disrupted railway services. These events underscore the need for continuous system upgrades and regular staff training in cybersecurity basics.
