Spanish Guardia Civil and the Ministry of Defense potentially hit by third party data breach
Learn More
A significant data breach has been detected on the dark web potentially affecting members of Spain's Guardia Civil, Armed Forces, and Ministry of Defense. The incident appears to be connected to a ransomware attack that targeted Medios de Prevención Externos Sur SL, a third-party contractor responsible for conducting medical examinations, in March 2024.
The threat actors have published three separate databases claiming to contain sensitive information. Two databases allegedly contain information related to Guardia Civil members, while the third database is associated with the Ministry of Defense. The Center for Information and Communications Systems and Technologies (CESTIC), operating under the Ministry of Defense, has launched an investigation to verify the authenticity of the leaked data and assess the full scope of the breach.
Claimed exposed data types:
- Names
- Email addresses
- Professional identifiers
- Dates of birth
- Medical examination results
Approximately 160,000 individuals are potentially affected, of which approximately 109,000 members of the Guardia Civil and approximately 84,000 members from the Ministry of Defense.
No official comments or confirmations are available.
