The threat ecosystem continues to hit local governments. On this occasion, the City Council of Béjar (Salamanca) has been identified as the victim of a leak after an alleged security breach attributed to the hacker “ballistic”, who claims to have accessed internal data and records linked to the municipal police. Although the claim has not yet been fully verified, the alert has already raised warning signs across the Spanish public sector.

What really happened? Critical access through an external provider

According to several specialized portals and screenshots published in dark web forums, the “ballistic” actor claims to have accessed the City Council's systems through a vulnerability in an external server connected to the municipal infrastructure.

By taking advantage of this access point, the attacker claims to have obtained:

  • Internal documentation of the council
  • Temporary access to a database with citizen information linked to the police
  • Administrative files for internal use

The cybersecurity portal Botcrawl classifies the incident as a highly serious compromise, not only because of the nature of the leaked data but also because of the access to police systems, which significantly increases the potential risk.

A Vulnerable Digital Ecosystem: Dependency on External Vendors

The City Council of Béjar operates through a hybrid infrastructure composed of internal systems and services managed by third parties, which provide document storage, administrative applications and communication platforms.

External vendors play a key role in its digital operations, but they also introduce new attack vectors when:

  • They don't apply security patches
  • They maintain weak configurations
  • They offer excessive access to the internal network

According to information leaked by “ballistic”, the breach occurred precisely because of an outdated or misconfigured external system that allowed the attacker to pivot to more sensitive City Council resources. This pattern coincides with recent incidents at other Spanish and European local entities.

The City Council of Béjar, part of a growing trend of local attacks

City councils have become one of the favorite targets of cybercriminals. They tend to work with fragmented digital infrastructures, supported by multiple external providers, and have fewer resources to invest in preventive cybersecurity. Added to this is the large amount of sensitive data they manage, from administrative files to police information, which makes these institutions an especially profitable target.

In this context, the Béjar case fits into a growing trend: instead of seeking only to interrupt public services, attackers seek to extract valuable data to sell on the dark web, use in extortion, or leak publicly to build a criminal reputation.

Leak Motivated by Cybercrime, Not by Espionage

Everything suggests that the leak is motivated by financial gain or a desire for notoriety:

  • Sale of data in clandestine forums
  • Partial publication to gain criminal reputation
  • Possible pressure on the institution through threats or blackmail

There are no indications of geopolitical espionage or state affiliation.

Risks for the City Council and citizens

If confirmed, the leak could have significant consequences:

  • Exposure of personal data linked to police records
  • Access to internal information that could facilitate future attacks
  • Loss of trust in municipal services and their digital platforms
  • Legal and regulatory liability for the handling of particularly sensitive data

What we recommend from Apolo Cybersecurity

For public administrations — and especially municipalities — strengthening digital security involves adopting a comprehensive strategy that goes beyond protecting internal systems. It is essential to establish continuous control mechanisms over external suppliers, regularly evaluating their security to detect gaps before they lead to a breach. It is also key to apply a Zero Trust approach, limiting broad or permanent access to critical systems and ensuring that every interaction is verified.

Added to this is the need to carry out periodic penetration tests to assess exposed applications, servers and platforms, as well as to define clear protocols for managing especially sensitive data, such as police documents or citizen files. Finally, the continuous training of technical and administrative staff remains one of the most important pillars: the human factor is often the first barrier — or the first point of entry — for attackers.

Strengthen your digital security before the next incident

Attacks on local governments will continue to grow as long as cybercriminals see them as a profitable target.
Protecting your systems today means preventing leaks tomorrow.

If you want to evaluate the security of your city council, agency or public entity, we are here to help.
