The Argentinian government database with ID card data belonging to all the country’s citizens has been stolen by a cybercriminal who has now advertised it for sale online.
The news came as a shock to many in both the cybersecurity community and the private sector when it emerged that the hacker had managed to harvest the card details of about 46 million citizens.
Worse, it turns out that the hacker has already begun selling the large trove of data on underground platforms. This is expected to expose millions of Argentinians to potential cyberattacks in the form of exploits, scams and breaches.
According to media reports, the incident took place in September, although details concerning the hack surfaced in October.
The government institution affected by the cyberattack is RENAPER, an acronym for Registro Nacional de las Personas (translated as the National Registry of Persons). It plays a crucial role in Argentina as part of the country’s interior ministry, which is responsible for issuing identification documents to all citizens of Argentina.
Twitter Suspends Hacker Account
According to investigative reports, the first indication that the Argentinian national registry had been hacked came from a Twitter post by a newly registered account using the handle @AnibalLeaks, which published the ID card photos and personal details of 44 Argentinian public figures.
The celebrities whose ID photographs were published by the user include the country’s president Alberto Fernández, a number of media personalities and political powerhouses, as well as football moguls like Lionel Messi and Sergio Agüero.
Twitter has since suspended the hacker’s profile (see below).
Figure 1: The hacker's Twitter account has been suspended by Twitter.
According to additional reports by cybersecurity news platforms, the cybercriminal went on to publish the personal data on a popular hacking site, offering to look up the personal details of any Argentinian citizen.
Apart from ID numbers, the leaked data also comprises names, home locations, birthdays, Trámite numbers, citizen numbers, government photo IDs, labor identification codes, and ID card issuance and expiration dates.
Meanwhile, The Record contacted the hacker, who was reportedly renting access to the RENAPER database on illicit cybercriminal forums. According to details that the media platform has since made public, the threat actor said that they had a copy of the RENAPER data, a claim that contradicted the government’s response to the reports.
How Did the Government Respond?
An official statement from the Government of Argentina on October 13 sought to dispel reports that an unknown threat actor had gained access to critical government systems and carted away citizens’ personal data.
What’s interesting is that the same statement went on to reveal that a VPN belonging to an employee working in the Ministry of Health had been compromised and used to gain unauthorized access to the Digital Identity System right before the Twitter account shared the initial samples of data belonging to members of Argentinian high society.
The government went on to assert that RENAPER was not subjected to any cyberattack or data leak, although it said that the relevant authorities are now hard at work on investigations into eight government workers who may be linked to the data leak.