Reportedly, the database also contains personal information of Argentinian President Alberto Fernández, football superstars Sergio Aguero and Lionel Messi.
After the infamous La Gorra Leaks in 2017 and the exposure of Argentinian politicians and law enforcement officials in 2019, Argentine is back in the news for all the wrong reasons. This time, hackers have reportedly stolen a government database containing the entire Argentine populace’s information, which means around 46 million people are currently at risk of exploitation.
About the Hack
According to The Record, an Argentine government database known as RENAPER (Registro Nacional de las Personas/Argentina’s National Registry of Persons) was targeted. RENAPER hosts the country’s national registry, official ID card details, and photos of all 45.3 million citizens.
Reportedly, hackers have managed to steal the ID card data of the entire population and are now trying to sell it in private circles. Given the trove of information this database might contain, it could be a goldmine for threat actors as they can use it for scams, attacks, and exploits.
How did the Breach happen?
According to Argentinian media, the hacker breached the government’s IT network and stole ID card details. The breach took place in September, indicating that the government failed to protect its citizens’ identities.
The targeted department was responsible for issuing ID cards to all citizens, and the data was stored in digital format, and it was only accessible by government agencies. Hence, it seems probable that a security loophole would have allowed the hackers to infiltrate the network.
Entire Population’s ID Card Details Stolen
The Record reported that the first evidence that RENAPER was breached emerged earlier in October when a newly registered Twitter handle @AnibalLeaks published ID card photos of 44 well-known Argentinian celebrities, including president Alberto Fernández, football superstars Sergio Aguero and Lionel Messi, journalists, and political figures.
One day later, the personal details and images were also published on Twitter, and the hacker posted an ad on a popular hacking forum.
The Argentinian government confirmed the breach three days later in a press release in which the Ministry of Interior explained that its security team learned that a VPN account assigned to the Ministry of Health was used to examine RENAPER for 19 photos. That very moment the photos were published on Twitter.
“The database did not suffer any data breach or leak,” the ministry confirmed, adding that authorities are currently investigating 8 government employees for their possible involvement in the leak.
The hacker contradicted the government’s official statement when The Record contacted them and said they had a copy of the RENAPER database. Hackers proved their claim by sending personal details, including the Trámite number, of an Argentinian national chosen by The Record.
“Maybe in a few days I’m going to publish 1 million or 2 million people,” the hacker told The Record.