Twitter suspends hacker who allegedly stole data of 45 million Argentinians

The government of Argentina has denied that the National Registry of Persons was hacked.
Written by Jonathan Greig, Contributor

Twitter has suspended a hacker who allegedly stole all of the data from Argentina's database holding the IDs and information of all 45 million citizens of the country. 

A threat actor using the handle @aniballeaks said they managed to hack into Argentina's National Registry of Persons -- also known as RENAPER or Registro Nacional de las Personas -- and offered to sell the data on a cybercriminal forum. 

The leaked data includes names, home addresses, birthdays, Trámite numbers, citizen numbers, government photo IDs, labor identification codes, ID card issuance and expiration dates. 

Initially, the hacker began leaking the information of famous Argentines like Lionel Messi and Sergio Aguero. But in a conversation with The Record, the hacker said they planned to publish the information of "1 million or 2 million people" while looking for buyers interested in the data. 

The hacker also tacitly confirmed how they managed to break into the National Registry of Persons, noting that it was "careless employees" that allowed them into the system. 

The government of Argentina released a statement on October 13 denying that the National Registry of Persons had been hacked. But the statement also says that a VPN from someone within the Ministry of Health had been used to access the Digital Identity System right before the Twitter account leaked the initial data on the high-profile Argentines. 

Tony Pepper, CEO of cybersecurity firm Egress, called the hack "monumental."

"The black market for stolen data is big business, and cybercriminals will stop at nothing to find their next big payday. This attack should be a warning to governments: cybercriminals have the means to execute large-scale, sophisticated attacks, and their citizens' data is under threat," Pepper said. 

"With the data of millions at risk, Argentinian citizens are now prime targets for follow-up attacks, such as financial fraud, sophisticated phishing attempts and impersonation scams, aimed at stealing further personal data, identities and even their money."

Editorial standards