Incident Overview

The same threat actor behind the recent Agencia Tributaria (AEAT) employee leak, operating under the handle PoliceEspDoxedBF, has now uploaded a second dataset targeting Spain's Ministerio de Hacienda (Ministry of Finance). The actor claims this leak directly affects members of the ministry and contains a range of sensitive personal and financial information. The account has since been banned from the forum.

According to the listing, the exposed data includes ID numbers, phone numbers, physical addresses, IBANs (bank account numbers), full names, and email addresses belonging to ministry employees. Redacted samples posted in the listing show structured records with multiple data points per individual. This represents a significant escalation from the AEAT leak, as the inclusion of IBANs and ID numbers alongside personal contact details creates a much higher risk for identity theft and financial fraud targeting government workers.

A direct download link is provided along with the actor's official Telegram channel. The data is being offered for free. This is the second Spanish government agency targeted by this actor within days, suggesting either access to a shared government data source or a coordinated campaign against Spanish public administration employees.