An anonymous hacker has allegedly leaked the entirety of Argentina’s National Registry of Persons, offering select information for sale on a dark web forum. The breach first came to light when the now-deleted Twitter account @aniballeaks posted the personally identifiable information (PII) of 44 Argentinian celebrities.
The Registro Nacional de las Personas (RENAPER) - the National Registry of Persons, is a government database containing citizen PII from national ID cards issued to all Argentinian citizens.
Sensitive data stored by RENAPER includes:
- Full names of citizens
- Photo identification
- Residential addresses
- National ID number
- Barcodes, used for internal processing
The agency stated in a press release that they suspect the data breach occurred at the hands of an employee. The insider threat theory is supported by the discovery that an agency VPN account was used to query the RENAPER database in the moments leading up to the initial publication of data.
In an interview with The Record, the hacker claimed to have access to every RENAPER entry. With Argentina’s population exceeding 45 million, the data leak would put Argentinian citizens at heightened risk of cyber attacks like identity theft, phishing attacks, ransomware schemes, and other compromises of their personal data.