Spain Ministry of Science Hit by Cyberattack & Systems Shutdown

Spain Ministry of Science Hit by Cyberattack & Systems Shutdown

February 5, 2026 discoverhiddenusacom Technology

Spain’s Ministry of Science Hit by Cyberattack: A Growing Trend for Government Institutions

Spain’s Ministry of Science (Ministerio de Ciencia, Innovación y Universidades) announced a partial shutdown of its IT systems on Thursday, February 5, 2026, following claims of a data breach. The disruption affects citizen- and company-facing services, including administrative procedures for researchers, universities, and students.

What Happened?

The Ministry cited a “technical incident” as the reason for the partial closure of its electronic headquarters. However, a threat actor identifying as ‘GordonFreeman’ has claimed responsibility for the attack and offered stolen data for sale. Data samples leaked on underground forums reportedly include personal records, email addresses, enrollment applications, and official documents. The forum where the data initially appeared is now offline.

The alleged attacker claims to have exploited an Insecure Direct Object Reference (IDOR) vulnerability, gaining “full-admin-level access” to the Ministry’s systems. While BleepingComputer reports the leaked images appear legitimate, authenticity remains unconfirmed.

A ministry spokesperson confirmed to Spanish media outlets that the IT systems disruption is related to a cyberattack.

A Pattern of Attacks on Spanish Government Entities

This incident is not isolated. Spain has seen a rise in cyberattacks targeting government institutions. In February 2025, hackers breached systems belonging to the Guardia Civil, the Ministry of Defense, NATO, the U.S. Army, and several universities, leading to an arrest. The CTFC (Centre Tecnològic Forestal Català), Spain’s forestry science institute, experienced a data breach in which 30 GB of confidential research and administrative files were exposed. The Instituto Nacional de Investigación de Tecnología Agraria y Alimentaria (INIA), the largest research centre under the CSIC, was also paralyzed for over two weeks due to a cyberattack.

The Rising Threat to Scientific Research

The attack on the Ministry of Science, and previously on INIA and CTFC, underscores the increasing vulnerability of scientific research institutions to cyber threats. These organizations often hold valuable data – intellectual property, research findings, and personal information – making them attractive targets for malicious actors. The disruption of these systems can have significant consequences, delaying research, compromising sensitive data, and potentially impacting national security.

IDOR Vulnerabilities: A Common Entry Point

The alleged exploitation of an IDOR vulnerability highlights a common weakness in web applications. IDOR flaws occur when an application uses direct references to internal implementation objects, such as database keys, without proper authorization checks. This allows attackers to manipulate these references to access unauthorized data or functionality. The Ministry of Universities also recently experienced a compromise due to an IDOR vulnerability granting unauthorized admin-level access to its database.

Impact and Mitigation

The Ministry of Science is mitigating the impact of the disruption by extending deadlines for affected administrative procedures, in accordance with Law 39/2015. However, the incident serves as a stark reminder of the need for robust cybersecurity measures, including:

  • Regular security audits and penetration testing
  • Implementation of strong access controls and authentication mechanisms
  • Vulnerability management and patching
  • Incident response planning and training
  • Data encryption and backup

FAQ

What is an IDOR vulnerability? An Insecure Direct Object Reference (IDOR) vulnerability allows attackers to access data they shouldn’t by manipulating object references within an application.

Is the data breach confirmed? While a threat actor claims responsibility and has leaked data samples, the authenticity of the data has not been independently verified.

What is the Ministry of Science doing to address the issue? The Ministry has partially shut down its IT systems and is extending deadlines for administrative procedures.

Did you know? Government institutions are increasingly becoming targets for cyberattacks, with scientific research organizations facing a heightened risk due to the valuable data they possess.

Stay informed about the latest cybersecurity threats and best practices. Explore more articles on data breach prevention and incident response to protect your organization and personal information.