The Argentinian government’s IT network has been hacked. As a result, ID card details of the entire population of the country were stolen. The data is now being sold in “private circles,” The Record recently reported. Apparently, the hack of RENAPER (Registro Nacional de las Personas, or National Registry of Persons) occurred in September.
Argentina’s RENAPER Hacked?
The National Registry of Persons is responsible for the registration and identification of all individuals who are domiciled in the Argentinian territory or jurisdiction of all Argentina, according to UbiTech.
Furthermore, RENAPER also issues national ID cards to all Argentinian citizens, and stores this data in digital format as a database that can be accessed by other government agencies. In other words, RENAPER is the backbone of the structure responsible for most government queries related to citizen information.
“The first evidence that someone breached RENAPER surfaced earlier this month on Twitter when a newly registered account named @AnibalLeaks published ID card photos and personal details for 44 Argentinian celebrities,” The Record said. Details for the president Alberto Fernández, multiple journalists and political figures, as well as data for Lionel Messi and Sergio Aguero were leaked. A day later, the same hacker posted an ad on a popular hacking forum, also offering the service of looking up any Argentinian person.
Three days later, the Argentinian government confirmed the breach. Apparently, the Ministry of Interior’s security team found out that a VPN account assigned to the Ministry of Health was used to query the RENAPER database for 19 photos “in the exact moment in which they were published on the social network Twitter.”
According to the statement, “the database did not suffer any data breach or leak,” and authorities are now investigating eight government employees possibly related to the incident.
What is the truth, exactly? It seems that The Record got in touch with the person renting access to the RENAPER database on hacking forums.
“In a conversation earlier today, the hacker said they have a copy of the RENAPER data, contradicting the government’s official statement. The individual proved their statement by providing the personal details, including the highly sensitive Trámite number, of an Argentinian citizen of our choosing,” The Record added.
The hacker claims to have access to the personal data of the entire population of Argentina, currently estimated at more than 45 million.
Syniverse hacked earlier this month
Another recent large-scale data breach affected millions of cellphone users worldwide. Syniverse, a global company that provides technology and business services for a number of telecommunications companies, such as AT&T, T-Mobile, Verizon, Vodafone, and China Mobile, was hacked, and the news of it got out earlier this month.
According to a document from September 27 shared wth the U.S. Security and Exchange Commission, an unknown individual or organization obtained unauthorized access to databases within Syniverse’s network on several occasions. As a result, login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.