Argentinian Government Database About the Population Stolen by Hacker
A hacker broke into the Argentinian government’s IT network and stole the country’s entire population’s ID card database. The stolen details are now being sold in private circles.
RENAPER, which stands for Registro Nacional de las Personas, or National Registry of Persons, was the focus of the attack, which occurred last month.
The agency is a vital cog within Argentina’s Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizen’s personal information.
On Twitter, information about Lionel Messi and Sergio Aguero was revealed
The first sign that RENAPER had been hacked appeared on Twitter earlier this month, when a newly created account called @AnibalLeaks published ID card photographs and personal information for 44 Argentinian celebrities.
This includes information on the country’s president, Alberto Fernández, as well as a slew of journalists and politicians, as well as Lionel Messi and Sergio Aguero.
The hacker reportedly posted an ad on a well-known hacking forum a day after the photographs and personal details were revealed on Twitter, offering to check up the personal details of any Argentinian user.
Faced with a media backlash in the aftermath of the Twitter disclosures, Argentina’s government admitted a security breach three days later.
The Ministry of Interior’s security team revealed that a VPN account allocated to the Ministry of Health was used to query the RENAPER database for 19 images “at the exact moment in which they were uploaded on the social network Twitter,” according to a press statement dated October 13.
Officials noted that “no data breach or leak occurred in the [RENAPER] database,” and authorities are now examining eight government officials for their possible involvement in the leak.
The Argentinian database has been stolen by a hacker, who intends to sell and disclose it
The Record, on the other hand, contacted the person renting access to the RENAPER database on hacker forums.
The hacker claimed to have a copy of the RENAPER data in a conversation earlier today, contradicting the government’s official position.
The individual backed up their claim by giving us the personal information of an Argentinian citizen of our choosing, including the very sensitive Trámite number.
“I might disclose [the data of] 1 million or 2 million persons in a few days,” the RENAPER hacker informed The Record earlier today.
They also stated that they intend to continue selling access to this data to anyone who is interested.
When The Record sent a link to the government’s news statement, which blamed the attack on a potentially hacked VPN account, the hacker merely answered, “careless staff yep,” implying that the point of entry was really compromised.
Full names, home addresses, birth dates, gender information, ID card issuance and expiration dates, labor identification codes, Trámite numbers, citizen numbers, and government photo IDs are among the data the hacker has access to right now, according to a sample posted by the hacker online.
Argentina has a population of more than 45 million people, while the number of entries in the database is unknown.
The hacker claimed to have access to everything.
After the Gorra Leaks in 2017 and 2019, when hacktivists published the personal information of Argentinian lawmakers and police officers, this is the country’s second big security breach.