CYBER ATTACK

The Argentine government's national identity card database has been breached on the dark web.

An anonymous hacker reportedly leaked Argentina's entire National Identity Registry and offered certain information for sale on a dark web forum. The breach was first revealed when the now-deleted Twitter account @aniballeaks released the personally identifiable information (PII) of 44 Argentine celebrities. 

 The Registro Nacional de las Personas (RENAPER), the National Register of Persons, is a government database that contains personal information obtained from identification cards issued to all Argentine citizens.

Sensitive information stored by RENAPER includes:

1. Full names of citizens
2. Photo identification
3. Residential addresses
4. National ID number
5. Barcodes, used for internal processing

Argentina's Ministry of the Interior, the body responsible for managing RENAPER, believes the hacker likely did not compromise the data by exploiting a public vulnerability.

The agency said in its press release that it suspects the data breach occurred at the hands of an employee. The insider threat theory is supported by the observation that the agency's VPN account was used to query the RENAPER database moments before the first information was published.

In an interview with The Record, the hacker claimed to have access to all RENAPER records. With Argentina's population of over 45 million, a data breach puts Argentine citizens at greater risk of cyber attacks such as identity theft, phishing attacks, ransomware, and other compromises of their personal information.