Cyberattack on the Ministry of Science, Innovation and Universities: temporary closure of its electronic headquarters and possible data leaks

The Ministry of Science, Innovation and Universities has partially closed its electronic headquarters following a "technical incident" that is keeping a number of services for citizens, universities and researchers out of operation. In a statement published on its own website, the department explains that ongoing administrative procedures have been suspended and that measures will be taken to protect the rights of the persons concerned, without, for the time being, providing details on the nature of the problem. The official notice can be read on the Ministry's page: http://www.ciencia.gob.es/en/InfoGeneralPortal/Notices/closing_temporary_headquarters_electronica.html.

While public explanations remain sparse, a claim of responsibility has appeared on underground forums, attributed to an actor who signs as "GordonFreeman," an alias taken from the famous Half-Life video game. According to this publication, the attacker allegedly exploited an IDOR (Insecure Direct Object Reference) vulnerability that allowed him to obtain credentials with administrative privileges and exfiltrate information. The leaked material itself (samples of personal records, mail addresses, registration requests and screenshots of official documents) was shown as "proof" in these spaces, although the forum where the publication appeared is no longer accessible and, for the time being, the data has not been disseminated on other platforms.

With regard to the veracity of the material disseminated, the images and documents visible in the publication look legitimate, but independent media and analysts stress that this appearance alone does not prove that the intrusion is entirely authentic. Specialized cybersecurity media and the technology press have picked up the news and continue to try to confirm the facts with official sources and with security intelligence firms investigating the appearance of the material. Among the firms that have monitored the publication of the alleged leak is KELA, while technology portals have reported the case without confirming every detail.

The temporary closure of the electronic headquarters also has specific administrative effects: the Ministry has announced that the time limits of the proceedings concerned will be extended under Article 32 of Act 39/2015 on Common Administrative Procedure. The full text of this rule is available in the Official State Gazette for anyone who wants to check how these extensions and other procedural guarantees are regulated: https://www.boe.es/search/act.php?id=BOE-A-2015-10565.

From the technical point of view, the reference to an IDOR vulnerability deserves an explanation: these are flaws in how an application validates request parameters, which allow an attacker to access resources belonging to others simply by manipulating identifiers in a URL or in internal requests. It is a classic access control problem that, if combined with a weak privilege configuration, can result in administrative access. This is why the defence against this type of threat relies on robust access controls, strict validation in the backend, segmentation of privileges, audit records and regular tests (pentesting) that allow these failures to be found and corrected before they are exploited.
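
To make the access control problem described above concrete, the following added example (not taken from the Ministry's systems or from any source cited in this article) contrasts a lookup that trusts the identifier in the request with one that enforces ownership in the backend and writes an audit record. All names, roles and records are hypothetical and constructed for illustration.

```python
# Added illustration: every name and record here is hypothetical and constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # "applicant" or "admin"


# Constructed sample store: application id -> record with its owner.
APPLICATIONS = {
    1001: {"owner_id": 1, "title": "Grant request A"},
    1002: {"owner_id": 2, "title": "Grant request B"},
}

AUDIT_LOG = []  # in-memory stand-in for a real audit trail


def get_application_vulnerable(requester: User, app_id: int):
    """IDOR: returns whatever id the request names, with no ownership check."""
    return APPLICATIONS.get(app_id)


def get_application_hardened(requester: User, app_id: int):
    """Object-level authorization in the backend, with one audit record per decision."""
    record = APPLICATIONS.get(app_id)
    allowed = record is not None and (
        record["owner_id"] == requester.user_id or requester.role == "admin"
    )
    AUDIT_LOG.append({"user": requester.user_id, "app_id": app_id, "allowed": allowed})
    # Same answer for "missing" and "forbidden", so valid ids cannot be told apart.
    return record if allowed else None


def denied_counts(log):
    """Denied lookups per user; a spike suggests someone is walking identifiers."""
    counts = {}
    for entry in log:
        if not entry["allowed"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts
```

The hardened function also shows why the privilege check matters: the only path to another user's record is the explicit admin role, so a weak role assignment is the remaining risk to review.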

The possible impact on the databases of the Ministry of Science has a sensitive dimension: the systems that this department manages contain personal and academic information from researchers, students and universities, as well as administrative procedures that may in some cases include specially protected data. If the intrusion is confirmed, reporting and mitigation obligations will be triggered that affect both the ministry itself and those whose data may have been compromised. In Spain, the Spanish Data Protection Agency is competent to monitor such incidents and to guide the steps to be taken; its website can be consulted at https://www.aepd.es/.

National cybersecurity authorities provide resources and recommendations for incidents affecting public services. Agencies such as the National Institute of Cybersecurity (INCIBE) and the National Cryptological Centre (CCN-CERT) provide guides both for the technical management of incidents and for the protection of users; their pages include practical advice on countermeasures and communication in case of data leakage: https://www.incibe.es/ and https://www.ccn-cert.cni.es/.

While the actual scope of the incident is being clarified, caution should be maintained: the authorities have not yet published a comprehensive report and have not publicly confirmed all the details that are circulating online. Some Spanish media have already collected statements linking the shutdown of the electronic headquarters to a cyberattack, but internal and forensic investigations often take time to produce final conclusions. One example of the coverage was recently published by a national outlet, OKDiario, which includes the version given by ministerial sources.

For individuals and organizations that may have been affected, the immediate practical recommendations are simple and well known: review official communications from the Ministry, change passwords that may be related to public services, enable multi-factor authentication where possible, and be wary of suspicious posts or messages that try to take advantage of the confusion to commit fraud (phishing). In addition, public and private entities should use such incidents to review their exposure inventories, access policies, backups and incident response plans.

This is part of a broader trend: in recent years, we have seen attacks on energy companies, public administrations and private platforms resulting in leaks and extortion, with reputational risks as well as operational and punitive costs. This dynamic requires accelerating investment in cybersecurity in the public sector, combining technical controls with training and exercises, and establishing transparency and communication processes that protect citizens without creating unnecessary alarm.

In a case like this, official and verified information will be decisive. As investigations move forward, the responsible course is to follow the updates published by the Ministry of Science itself and the communications of the competent regulatory bodies. We will monitor the evolution of the incident and any notification confirming the extent of the intrusion, the measures taken and the specific recommendations for those affected.
