PIIs of Argentina’s entire population stolen in data breach

The Argentinian government has allegedly suffered a monumental data breach that has exposed the personally identifiable information (PII) of its entire population of 45 million people.

The hacker has already leaked a portion of the data from their Twitter account @aniballeaks, publishing the photo IDs and personal details of high-profile celebrities like Lionel Messi and Sergio Aguero, as well as the Argentinian president, Alberto Fernandez. The account has since been suspended by the social media site.

The cyber attack, which took place last month, targeted Argentina’s National Registry of Persons (Registro Nacional de las Personas), also known as RENAPER, which handles issuing ID cards to every citizen. The data was stored in digital formats so that it could be accessed by government agencies making information queries.

The Argentinian government released a statement on 13th October denying that the National Registry of Persons had been hacked, although it did admit that a VPN connection from someone in the Ministry of Health had been used to access the Digital Identity System shortly before the Twitter account leaked the initial data on the 44 high-profile Argentines.

The breach 

The first evidence of a data breach at RENAPER surfaced on Twitter earlier this month, after a newly created account using the handle @AnibalLeaks began to post ID photos and personal details for 44 Argentinian celebrities, including footballers, politicians and journalists, seemingly as an advert for the stolen data.

The threat actor is offering to sell more data on a well-known cybercriminal forum. 

The leaked data in its entirety reportedly includes:

  • Names and birth dates. 
  • Home addresses. 
  • Government photo IDs. 
  • Trámite (filing) numbers. 
  • Citizen numbers. 
  • Labour identification codes. 
  • ID card issuance and expiration dates. 

The threat actor advertises it as “all the necessary data to create a false identity card”. 

The exposure of Trámite numbers is especially devastating because a number of government agencies and apps use them as passwords on account of their uniqueness.

When The Record reached out to the threat actor, they confirmed that they had compromised the National Registry of Persons, saying that “careless employees” had allowed them to gain access to the system. Most of what the hacker says contradicts the Argentinian government’s statement, except for the idea that a government employee was involved.

The intrusion was reportedly caused by a compromised VPN account assigned to the Ministry of Health, although, due to the nature of VPNs, it is proving difficult to trace its exact source.

An internal investigation has been launched by the Argentinian government and, currently, officials are investigating eight to ten employees for having a possible role in the data breach. 

When the threat actor was asked about their plans for the massive volume of data, they said, “Maybe in a few days I’m going to publish [the data of] 1 million or 2 million people”, as they looked for potential buyers interested in the stolen data.

Impacts of data breach 

This is the second major security breach that Argentina has suffered, the previous being the Gorra Leaks in 2017 and 2019, in which hacktivists exposed the PII of Argentinian politicians and police forces. While the first leak involved breaching the Twitter accounts of the now-former Minister of Security of Argentina, Patricia Bullrich, and Argentina's Airport Security Police, the latter involved a hacker publishing over 200,000 PDF files exposing the PII of Argentinian Federal Police officers, including ID and banking information.

It seems this latest data breach has just upped the ante to a national scale.

The far-reaching consequences of this latest data breach would put the entire country’s population at risk from both home-grown and international threat actors, making citizens prime targets for highly sophisticated spear-phishing, financial fraud, impersonation and identity scams, all designed to steal further PII, steal their identity and commit financial theft.

Tony Pepper, CEO of Egress, a cybersecurity software company, called the data breach “monumental”, saying “The black market for stolen data is big business, and cybercriminals will stop at nothing to find their next big payday” and that “This attack should be a warning to governments: cybercriminals have the means to execute large-scale, sophisticated attacks, and their citizens' data is under threat”. 

It remains to be seen whether the threat actor’s claim about the size of the breach is accurate or more of an advertising ploy. However, given Argentina’s history of breaches and the increase in cyber attacks against government institutions worldwide, governments would do well to remember that investing in cybersecurity is key to their country surviving in the digital age.
