Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the sale of a massive database containing personal and financial information for 12.4 million Spanish citizens. The dataset includes First Names, Last Names, Cities, Phone Numbers, Company Names, and, most critically, IBANs (International Bank Account Numbers). The asking price is an incredibly low $150.
Brinztech Analysis: This listing represents a potential exposure of nearly 25% of Spain’s total population.
- The Price Anomaly: The $150 price tag for 12.4 million records with financial data is suspiciously low. This strongly suggests the data is either:
  - Recycled/Combolist: An aggregation of multiple older leaks (e.g., from marketing firms, call centers, or previous breaches like Phone House Spain or Glovo) repackaged as “fresh.”
  - Low-Quality Leads: Data scraped from public sources or low-security lead generation forms, enriched with banking details from other sources.
- The Context: Regardless of the source, the availability of 12.4 million valid Spanish phone numbers linked to IBANs fuels the ongoing 2025 cyber-crisis in Spain. This follows recent massive breaches of AENA, Iberia, Air Europa, and the DGT (Traffic Authority). Spain is currently one of the most targeted nations in Europe for cybercrime.
Key Cybersecurity Insights
This data sale presents a critical, volume-based threat to Spanish citizens:
- Elevated Financial Fraud Risk (SEPA): The combination of names and IBANs creates a direct pathway for Direct Debit Fraud. Criminals can use these details to set up unauthorized SEPA direct debits for utility bills or subscriptions, hoping the victim won’t notice the small deductions immediately.
- Mass Smishing Campaigns: With 12.4 million phone numbers, attackers can launch nation-scale Smishing (SMS Phishing) campaigns. They can impersonate Spanish banks (CaixaBank, BBVA, Santander) or the Tax Agency (Agencia Tributaria), using the victim’s real name and city to build trust.
- Accessibility to Malicious Actors: The $150 price point is the most dangerous factor. It democratizes access to financial crime, allowing even low-skill “script kiddies” to buy a massive list of targets for spam and fraud.
- Corporate Targeting: The inclusion of “Company Names” allows for B2B fraud. Attackers can target employees of specific Spanish companies with fake invoices or payroll updates.
Mitigation Strategies
In response to this widespread threat, Spanish organizations and individuals must take action:
- Monitor Bank Accounts (Direct Debits): Individuals should regularly check their bank statements for unauthorized SEPA direct debits. Most Spanish banking apps allow users to “block” direct debits or require authorization for new billers.
- Enhance Fraud Detection (Banks): Financial institutions must tune their fraud detection systems to flag new direct debit mandates set up using the specific batches of IBANs found in this leak.
- Proactive Customer Communication: Banks and telecom providers should launch awareness campaigns warning customers about the rise in “vishing” (voice phishing) and SMS scams that may quote their real banking details.
- Dark Web Monitoring: Organizations should monitor whether their employee emails or corporate accounts appear in this dataset, which would indicate a higher risk of targeted social engineering.
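One way a bank could implement the mandate check from the fraud-detection item above, shown as an added example (not Brinztech's code or any bank's system). It assumes the institution holds a sample of the exposed IBANs; the record fields `mandate_id` and `debtor_iban`, the watchlist key, and all sample values are hypothetical.

```python
import hashlib
import hmac
import re

WATCHLIST_KEY = b"demo-key-constructed"  # assumption: real key lives in a secrets manager

def normalize_iban(raw):
    """Strip whitespace and upper-case, so 'es91 2100 ...' matches the stored form."""
    return "".join(raw.split()).upper()

def is_valid_es_iban(iban):
    """ISO 13616 mod-97 check for a Spanish IBAN: 'ES' followed by 22 digits."""
    if not re.fullmatch(r"ES[0-9]{22}", iban):
        return False
    rearranged = iban[4:] + iban[:4]  # country code and check digits move to the end
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(numeric) % 97 == 1

def iban_token(iban):
    """Keyed hash, so the watchlist never stores leaked IBANs in cleartext."""
    return hmac.new(WATCHLIST_KEY, iban.encode("ascii"), hashlib.sha256).hexdigest()

def build_watchlist(exposed_ibans):
    """Tokenize every well-formed IBAN from the leak sample; malformed rows are dropped."""
    normalized = (normalize_iban(raw) for raw in exposed_ibans)
    return {iban_token(i) for i in normalized if is_valid_es_iban(i)}

def flag_mandates(mandates, watchlist):
    """Return (mandate_id, reason) for each new mandate that needs manual review."""
    flagged = []
    for m in mandates:
        iban = normalize_iban(m["debtor_iban"])
        if not is_valid_es_iban(iban):
            flagged.append((m["mandate_id"], "invalid_iban"))
        elif iban_token(iban) in watchlist:
            flagged.append((m["mandate_id"], "iban_in_leak_watchlist"))
    return flagged

# Constructed sample data: checksum-valid sample IBANs, not values from any leak.
EXPOSED = ["ES91 2100 0418 4502 0005 1332", "ES00 0000"]
NEW_MANDATES = [
    {"mandate_id": "M-001", "debtor_iban": "es9121000418450200051332"},
    {"mandate_id": "M-002", "debtor_iban": "ES7921000813610123456789"},
    {"mandate_id": "M-003", "debtor_iban": "ES9121000418450200051333"},
]

if __name__ == "__main__":
    for mandate_id, reason in flag_mandates(NEW_MANDATES, build_watchlist(EXPOSED)):
        print(mandate_id, reason)
```

Normalizing and checksum-validating before hashing matters here: leak rows and mandate forms rarely share one formatting, and a typo-level mismatch would otherwise pass silently as "not on the watchlist".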
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com