Teen who allegedly stole millions of personal data records arrested in Spain

Steven

Teen who allegedly stole millions of personal data records arrested in Spain

Summary

Spanish police have arrested a 19-year-old in Igualada accused of stealing and selling about 64 million personal records taken from nine companies. The data allegedly included national ID numbers (DNI), home addresses, phone numbers, email addresses and IBANs. Authorities traced multiple online accounts and pseudonyms used to advertise the stolen databases, seized electronic devices and hardware crypto wallets, and froze a wallet linked to sale proceeds.

Key Points

  • Suspect: 19-year-old detained in Igualada, northeastern Spain.
  • Scope: Alleged theft and sale of ~64 million personal data records from nine companies.
  • Types of data: DNI numbers, addresses, phone numbers, emails and IBAN bank codes.
  • Police action: Investigation began in June; officers identified six online accounts and five pseudonyms, seized devices and hardware crypto wallets, and froze a crypto wallet tied to proceeds.
  • Unclear impact: Authorities have not confirmed the exact number of affected individuals.

Content summary

The National Police say the probe started in June after detecting multiple firms’ data had been exfiltrated. Investigators linked the thefts to a young suspect who allegedly advertised the databases on hacker forums under several aliases. During searches, law enforcement recovered electronic evidence and cryptocurrency assets believed to be sale proceeds.

The article also notes a separate European incident: Polish police arrested three men found with hacking equipment in their car, facing charges including fraud and possession of tools for cybercrime. This highlights a broader trend of mobile and commercially available tooling being used for illicit data collection across borders.

Context and relevance

This arrest matters because breaches of personally identifiable information on this scale feed identity fraud, phishing and financial crime. The case underscores two ongoing trends: criminal resale of bulk PII on forums, and the use of crypto to monetise stolen data. Organisations holding user data should view this as a reminder to tighten access controls, monitor suspicious exports and prepare breach response plans.

Why should I read this?

Quick and dirty: a near-20-year-old is accused of harvesting 64 million records and flogging them for crypto — massive PII, big risk. If you run security, handle customer data or worry about identity fraud, this is a neat snapshot of how breaches get monetised and why you should be locking down logs, backups and payment flows. Worth two minutes of your time.

Source

Source: https://therecord.media/spain-arrests-teen-suspect-data-theft-and-sale