Skip to content
Data breachContained

Argentina RENAPER national ID database breach (2021)

An attacker used a compromised government VPN account to query Argentina's RENAPER national ID database for all 45 million Argentines. Photos and ID details for the president, soccer star Lionel Messi, and other public figures were posted to Twitter as proof. The data went on sale on a dark-web forum.

Victim
Registro Nacional de las Personas (RENAPER), Argentina
records
45.0M
users
45.0M

In October 2021, an attacker exfiltrated personal identity records for all 45 million Argentines from RENAPER — the Registro Nacional de las Personas, the Argentine state agency that issues national ID cards. Photos and personal details for President Alberto Fernández, Lionel Messi, Sergio Agüero, and 41 other public figures were posted to Twitter as proof; the full dataset was then put up for sale on a dark-web forum.

What happened

The intrusion vector was unusual in its simplicity: Argentina's Ministry of Interior subsequently acknowledged that an unknown party used a compromised VPN account belonging to another branch of the government to query the RENAPER database and retrieve records.

Public attention started with a Twitter account, @AnibalLeaks, registered specifically to publish the proof: ID-card photos and personal data for 44 Argentine celebrities, including the president and the country's biggest football stars. The full dataset offered for sale on the underground included:

  • Full names, home addresses, dates of birth, gender.
  • ID card issuance and expiration dates.
  • Labour identification (CUIL) codes and Trámite numbers.
  • Citizen numbers and government-issued photo IDs — biometric in effect.

The Argentine Ministry of Interior officially stated that "the RENAPER database did not suffer any data breach or leak" and announced an investigation of eight government employees suspected of insider involvement. The hacker publicly contradicted the government's denial, claiming to hold a copy of the full data.

Impact

  • Identity records for an estimated 45 million Argentines — effectively the entire population — exposed.
  • Photos (a biometric-equivalent) for all citizens included.
  • Public figures including the president and major footballers used as the public proof-of-access.
  • Government denial vs. underground evidence created a credibility crisis for RENAPER.
  • Investigation of insider-employee involvement; no public indictments reported.

Why it matters

Argentina RENAPER is the largest publicly disclosed national-ID database breach in Latin American history. The case demonstrates how a single compromised inter-agency VPN account can convert an entire country's identity register into a saleable underground asset — and how official denials can compound the harm when public, technical evidence contradicts them.

Timeline

  1. An attacker obtains credentials for a VPN account belonging to another branch of the Argentine government and uses it to query RENAPER's national-ID database.

  2. A newly registered Twitter account, @AnibalLeaks, posts ID-card photos and personal details for 44 Argentine celebrities, including President Alberto Fernández and footballers Lionel Messi and Sergio Agüero, as proof of access.

  3. Records on the entire Argentine population — approximately 45 million people, including full names, addresses, dates of birth, gender, ID issuance/expiration dates, employment identifier codes, citizen numbers, and government ID photos — are advertised for sale on a dark-web forum.

  4. Argentina's Ministry of Interior states the RENAPER database 'did not suffer any data breach' and investigates eight government employees for possible insider involvement; the seller contradicts the official statement.

Sources

  1. therecord.mediahttps://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population
  2. bitdefender.comhttps://www.bitdefender.com/en-us/blog/hotforsecurity/hacker-says-he-stole-id-data-of-45-million-argentinians
  3. upguard.comhttps://www.upguard.com/news/argentinian-government-database-breach
  4. biometricupdate.comhttps://www.biometricupdate.com/202110/potentially-devastating-digital-id-hack-in-argentina-could-have-many-ripples
  5. cpomagazine.comhttps://www.cpomagazine.com/cyber-security/argentinian-government-database-containing-id-card-information-of-entire-country-made-available-on-dark-web-forum/

Related incidents

Data breachResolved

Protemps data breach (2021)

In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of other…

Victim
Protemps
Records
49.6K
Data breachResolved

CityBee data breach (2021)

In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.

Victim
CityBee
Records
110.2K