An individual was arrested in Spain for leaking sensitive personal data of employees from multiple critical government entities. The leak was not due to a direct breach of government systems but through aggregation of previously compromised data and open-source intelligence. The data included personal identifiers and contact information of current and former employees of organizations such as INCIBE and the National Security Council. The threat actor published the data under the group name 'Police-ESP-Doxed' on a known breach forum. Law enforcement seized devices for forensic analysis and are investigating further involvement. The incident highlights risks from doxing and data aggregation rather than direct system vulnerabilities.

The leak exposed sensitive personal information of employees from key Spanish government organizations, creating risks to individual privacy and potentially national security. Although there was no direct compromise of government systems reported, the aggregation and publication of this data could facilitate targeted attacks, harassment, or espionage. The exposure of personal identifiers and contact details of personnel in critical institutions may undermine operational security and trust. The incident prompted urgent law enforcement action and ongoing investigations.

No direct system vulnerability was exploited; therefore, no patch or technical fix applies. The Spanish authorities have arrested the individual responsible and seized electronic devices for further investigation. Organizations should review exposure of employee data in public sources and credential dumps and consider enhancing employee data protection policies. Monitoring for further data leaks and cooperating with law enforcement is advised. Since the leak involved aggregation of older data and OSINT, improving data minimization and access controls on sensitive employee information is recommended.