Spain Investigates Cyberterrorism, Doxxing of Political Figures, including Prime Minister Pedro Sánchez

• Spain's National Court opened a cyberterrorism probe after sensitive data on officials was leaked
• Prime Minister Sánchez and thousands of political figures were doxxed via Telegram
• They continued publishing leaked data even after their original Telegram channel was blocked

Spain’s National Court launched an investigation into a series of cyberattacks targeting senior political figures. The case is being pursued as cyberterrorism and a crime against high-ranking state institutions. 

The investigation is for cyberattacks that followed a mass leak of data belonging to Prime Minister Pedro Sánchez and thousands of others.

The data leak also doxxed former leaders, several cabinet ministers, regional officials, members of left-wing parties, and individuals tied to a high-profile corruption case. Doxxing is a form of digital exposure in which personal information is maliciously published online.

Personal details of figures from the Partido Popular (People’s Party), Spain’s main center-right party, were also leaked. 

The data leak was confirmed to El País, a leading Spanish newspaper, and is suspected to have been carried out by far-right activists operating through Telegram chat groups.

According to El País, the leak also included personal data of four individuals under investigation in the 'Koldo Case' corruption scandal. This includes former Transport Minister José Luis Ábalos, his ex-advisor Koldo García, former PSOE organizer Santos Cerdán, and businessman Víctor de Aldama.

A government spokesperson, Pilar Alegría, appealed to the court to identify those who published the data.

The cyberterrorism probe was initiated after three data leaks were observed on Telegram channels over several days. The leaks escalated from cabinet ministers to regional leaders.

Timeline and details of the Spanish government data leak on Telegram:

• June 20, 2025 - First data leak
  • Two users, @akkaspace and @Pakito, posted personal data on seven ministers and former leaders of the Partido Popular and Podemos
  • Leaked data included addresses, phone numbers, ID numbers, and email addresses (some outdated)
  • The group had over 90,000 members 
• June 21, 2025 - Second data leak
  • Further data targeting government officials and political leaders was released
  • It included Félix Bolaños, Minister of the Presidency and Justice, Yolanda Díaz, Second Vice President and Minister of Labor, Francina Armengol, Speaker of the Congress of Deputies (Spanish Parliament), Salvador Illa, President of the Generalitat of Catalonia, and Ione Belarra, Minister of Social Rights and the 2030 Agenda; Secretary General of Podemos
  • The data was tied to over 300 members of the Spanish Socialist Workers’ Party (PSOE), the country’s main center-left party, and four suspects in the Koldo corruption case
  • Four Koldo case suspects were José Luis Ábalos,  Former Minister of Transport, Koldo García, Former advisor to Ábalos, Santos Cerdán, Former Secretary of Organization for the PSOE, and Víctor de Aldama, Businessman
• June 27, 2025 - Third leak data
  • Posted on a new Telegram channel after the previous channel was blocked
  • More information was exposed targeting Prime Minister Pedro Sánchez and nine additional ministers
  • This included María Guardiola, Juan Manuel Moreno, Ada Colau, and 3,000 Podemos members
  • The hashtags #noalacorrupcion (no to corruption), #españalibre (free Spain), and #sanchezdimision (Sánchez resignation) reflect anti-government sentiment
  • The post also included fresh threats and reposts from the previous data dumps

The Koldo Case is a high-profile corruption investigation centered on COVID-era public procurement contracts for medical supplies.

The National Court is investigating the doxxing incident as a possible act of cyberterrorism, under Article 573 of Spain’s Penal Code, which includes cyberattacks intended to destabilize political institutions or the state’s social and economic structures, as reported by El País.