In a recent data breach in Argentina, a hacker has breached the Argentinian government’s IT network and stolen the personal data of citizens, which are now being sold in private circles.
According to The Record, the hack took place last month and targeted Argentine’s National Registry of Persons, Registro Nacional de las Personas (RENAPER). The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizen’s personal information.
The Hack
The first evidence that someone breached RENAPER surfaced earlier this month on Twitter when a newly registered account named @AnibalLeaks published ID card photos and personal details for 44 Argentinian celebrities. This included details for the country’s president Alberto Fernández, multiple journalists and political figures, and even data for soccer superstars Lionel Messi and Sergio Aguero.
As reported by The Record, a day after the images and personal details were published on Twitter, the hacker also posted an ad on a well-known hacking forum, offering to look up the personal details of any Argentinian user.
Data sale ad by the hacker
Hear from RENAPER
In a press release on its website, the Ministry of Interior said its security team discovered that a VPN account assigned to the Ministry of Health was used to query the RENAPER database for 19 photos “in the exact moment in which they were published on the social network Twitter.”
Officials added that “the [RENAPER] database did not suffer any data breach or leak,” and authorities are now investigating eight government employees about having a possible role in the leak.
Hear from the Hacker
When The Record contacted the individual who was renting access to the RENAPER database on hacking forums, in their conversation, the hacker said they have a copy of the RENAPER data, contradicting the government’s official statement. The individual proved their statement by providing the personal details, including the highly sensitive Trámite number, of an Argentinian citizen of our choosing.
“Maybe in a few days, I’m going to publish [the data of] 1 million or 2 million people,” the RENAPER hacker told The Record earlier today. They also said they plan to continue selling access to this data to all interested buyers.
When The Record shared a link to the government’s press release in which officials blamed the intrusion on a possibly compromised VPN account, the hacker simply replied, “careless employees yes,” indirectly confirming the point of entry.
According to a sample provided by the hacker online, the information they have access to right now includes full names, home addresses, birth dates, gender info, ID card issuance, and expiration dates, labour identification codes, Trámite numbers, citizen numbers, and government photo IDs. Argentina currently has an estimated population of more than 45 million, although it’s unclear how many entries are in the database. The hacker claimed to have it all.
This is the second major security breach in the country’s history after the Gorra Leaks in 2017 and 2019 when hacktivists leaked the personal details of Argentinian politicians and police forces, reported The Record.
The statement by the hacker contradicts the official statement released by the Argentinian government in which it stated that RENAPER’s database was not breached or leaked. It is hoped that the situation is properly managed before it escalates.
At the time of this report, Twitter had taken down the handle of the hacker as a search by our correspondent returned with a notice saying “the account you are trying to view has been suspended”.