21/10/2021

Data from the entire population of Argentina are offered for sale in cybercriminal forum

After a cyber attack last month, personal data of the entire population of Argentina may have been leaked from the Registro Nacional de las Personas (Renaper), the Argentine government agency responsible for issuing personal identification documents and passports. Now cybercriminals are selling this data on a popular shallow internet forum.

According to The Record, cybercriminals guarantee to have full name, address, date of birth, gender, the equivalent of RG and CPF, work card, photos of all more than 45 million Argentines.

Advertisement offers a service of "consultation of any Argentine citizen" for an undisclosed amount. Photo: The Record. — Advertisement offers a “consultation of any Argentine citizen” service for an undisclosed fee. Photo: The Record.

the attack probably happened last month, but the first evidence of proof only appeared earlier this month, with the publication of photos of the identity documents and personal data of 44 public figures in Argentina. The photos were posted on Twitter, by a newly created account.

football players, Lionel Messi and Sergio Aguero; the president of Argentina, Alberto Fernandez; in addition to several journalists and political figures argentine are among the personalities exposed on Twitter.

After the exposure on Twitter, cybercriminals announced a kind of query of any Argentine citizen in this database, in a cybercriminal forum quite popular on the shallow internet.

Argentine government denies leak

As The Record found out, Renaper recognizes unauthorized access to your systems, but denies that your databases have been fully compromised and also denies any possible data leakage. In a statement in response to the exposure of Argentine personalities on Twitter, the agency said its “database has not suffered any data breaches or leaks”.

However, he explains that his security team investigated the case and found that “19 images [internas do Renaper] were consulted at the exact moment they were published on the social network from an authorized VPN connection between Renaper and the Ministry of Health, and all the images had been recently consulted from that same link”.

“That link would have made several individual queries to the Renaper databases between 15:01 and 15:55 through the SID data validation service which, once the person’s ID and gender is invoked, returns to the person querying all data printed on the National Identity Card, including image and other personal data, which were immediately uploaded to the Twitter social network, without the consent of the holder“, concludes Renaper in the statement.

The Record informs that spoke with the author of the ad in the cybercriminal forum, who claims to have a copy of the entire database of Argentine citizens’ records, contradicting the Government’s statement. As proof of this, cybercriminals have promised to expose another 1 or 2 million Argentines.

Sources: the record; Renaper; TheHack.