Argentina RENAPER national ID database breach (2021)

An attacker used a compromised government VPN account to query Argentina's RENAPER national ID database for all 45 million Argentines. Photos and ID details for the president, soccer star Lionel Messi, and other public figures were posted to Twitter as proof. The data went on sale on a dark-web forum.

In October 2021, an attacker exfiltrated personal identity records for all 45 million Argentines from RENAPER — the Registro Nacional de las Personas, the Argentine state agency that issues national ID cards. Photos and personal details for President Alberto Fernández, Lionel Messi, Sergio Agüero, and 41 other public figures were posted to Twitter as proof; the full dataset was then put up for sale on a dark-web forum.

What happened

The intrusion vector was unusual in its simplicity: Argentina's Ministry of Interior subsequently acknowledged that an unknown party used a compromised VPN account belonging to another branch of the government to query the RENAPER database and retrieve records.

Public attention started with a Twitter account, @AnibalLeaks, registered specifically to publish the proof: ID-card photos and personal data for 44 Argentine celebrities, including the president and the country's biggest football stars. The full dataset offered for sale on the underground included:

Full names, home addresses, dates of birth, gender.
ID card issuance and expiration dates.
Labour identification (CUIL) codes and Trámite numbers.
Citizen numbers and government-issued photo IDs — biometric in effect.

The Argentine Ministry of Interior officially stated that "the RENAPER database did not suffer any data breach or leak" and announced an investigation of eight government employees suspected of insider involvement. The hacker publicly contradicted the government's denial, claiming to hold a copy of the full data.

Impact

Identity records for an estimated 45 million Argentines — effectively the entire population — exposed.
Photos (a biometric-equivalent) for all citizens included.
Public figures including the president and major footballers used as the public proof-of-access.
Government denial vs. underground evidence created a credibility crisis for RENAPER.
Investigation of insider-employee involvement; no public indictments reported.

Why it matters

Argentina RENAPER is the largest publicly disclosed national-ID database breach in Latin American history. The case demonstrates how a single compromised inter-agency VPN account can convert an entire country's identity register into a saleable underground asset — and how official denials can compound the harm when public, technical evidence contradicts them.

Timeline

September 1, 2021

An attacker obtains credentials for a VPN account belonging to another branch of the Argentine government and uses it to query RENAPER's national-ID database.

October 13, 2021

A newly registered Twitter account, @AnibalLeaks, posts ID-card photos and personal details for 44 Argentine celebrities, including President Alberto Fernández and footballers Lionel Messi and Sergio Agüero, as proof of access.

October 18, 2021

Records on the entire Argentine population — approximately 45 million people, including full names, addresses, dates of birth, gender, ID issuance/expiration dates, employment identifier codes, citizen numbers, and government ID photos — are advertised for sale on a dark-web forum.

October 1, 2021

Argentina's Ministry of Interior states the RENAPER database 'did not suffer any data breach' and investigates eight government employees for possible insider involvement; the seller contradicts the official statement.

Sources

therecord.mediahttps://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population

bitdefender.comhttps://www.bitdefender.com/en-us/blog/hotforsecurity/hacker-says-he-stole-id-data-of-45-million-argentinians

upguard.comhttps://www.upguard.com/news/argentinian-government-database-breach

biometricupdate.comhttps://www.biometricupdate.com/202110/potentially-devastating-digital-id-hack-in-argentina-could-have-many-ripples

cpomagazine.comhttps://www.cpomagazine.com/cyber-security/argentinian-government-database-containing-id-card-information-of-entire-country-made-available-on-dark-web-forum/

Related incidents

Data breachUnknownMay 2, 2026

French Ministry of Sports: more than 217,000 photos and sensitive data of educators leaked

A hacker using the alias Cybernox claims to be putting up for sale a database attributed to the French Ministry of Sports, Youth and

Victim: French Ministry of Sports

Data breachUnknownApril 27, 2026

Bordeaux Métropole: leak of 11,000 tourist tax filers and tourist rental addresses

A hacker claims to publish a partial database attributed to the taxedesejour.bordeaux.metropole.fr portal, a service used to manage the tourist tax

Victim: Bordeaux Métropole

Data breachUnknownApril 23, 2026

Parcoursup: data leak of 705,000 applicants after fraudulent access in Occitanie

The French Ministry of Higher Education, Research and Space has revealed a security incident affecting the data of certain applicants

Victim: Parcoursup

Data breachUnknownApril 12, 2026

Ardèche department: 26 GB of administrative RSA-related data exposed

A hacker claims to have collected and exfiltrated a significant amount of data related to RSA (Revenu de Solidarité Active), referring to a database of more than

Victim: Ardèche department