RENAPER national ID database breach

In October 2021, an anonymous actor demonstrated they had obtained the complete identity records of Argentina's entire population — roughly 45 million people — held by RENAPER (Registro Nacional de las Personas), the agency that issues every national ID card (DNI) in the country.

What happened

The breach surfaced publicly when a freshly created Twitter account, @AnibalLeaks, began posting the official ID-card photographs and personal details of 44 well-known Argentines, including President Alberto Fernández, football stars Lionel Messi and Sergio Agüero, and numerous journalists and politicians. The hacker then advertised a service on a hacking forum offering to look up the personal data of any Argentine citizen for a fee.

Argentina's Ministry of Interior acknowledged unauthorized access but disputed that a bulk "breach" had occurred. Its security team traced the activity to a VPN account assigned to the Ministry of Health that had been used to query RENAPER for the exact 19 photographs published on Twitter "in the exact moment" they appeared. Authorities opened an investigation into eight government employees suspected of involvement. The hacker contradicted the official narrative, claiming to hold a full copy of the RENAPER dataset.

Impact

Exposed records included full names, home addresses, dates of birth, gender, ID issuance and expiry dates, labor identification codes (CUIL), trámite numbers, citizen numbers, and government photo IDs.
Because RENAPER is the authoritative source for Argentine identity, the data is effectively permanent — citizens cannot change their DNI number, date of birth, or biometric photo.
The hacker threatened to release the records of 1 to 2 million people and to continue selling lookups to interested buyers.

Why it matters

The RENAPER incident is a textbook example of how a single over-privileged credential can expose an entire nation. The compromised account was not a sophisticated zero-day but a legitimate inter-agency VPN login that could query the country's most sensitive registry without rate limiting, anomaly detection, or per-record authorization.

Civil-rights organization Asociación por los Derechos Civiles (ADC) filed a formal request demanding RENAPER explain how the access controls failed and why no alerting caught the bulk queries. The case intensified debate over Argentina's aging Personal Data Protection Law (25.326) and the absence of meaningful breach-notification and minimization requirements for state-held biometric data. For a registry that underpins voting, banking, and welfare, the breach showed that centralizing a population's identity without commensurate access governance creates a single point of catastrophic failure.

Timeline

September 1, 2021

An attacker uses a stolen VPN credential assigned to the Ministry of Health to query the RENAPER database.

October 10, 2021

A newly created Twitter account, @AnibalLeaks, posts ID photos and personal data of 44 Argentine celebrities, including President Alberto Fernández, Lionel Messi, and Sergio Agüero.

October 13, 2021

Argentina's Ministry of Interior confirms unauthorized access traced to a compromised VPN account and opens an investigation into eight government employees.

October 18, 2021

The hacker advertises a database lookup service on a hacking forum and threatens to publish data on 1-2 million people.

November 8, 2021

Civil-rights group ADC formally requests RENAPER explain the breach and account for data-protection failures.

Sources

therecord.mediahttps://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population

bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/hacker-steals-data-of-45-million-from-argentinas-national-id-database/

upguard.comhttps://www.upguard.com/news/argentinian-government-database-breach

adc.org.arhttps://adc.org.ar/en/2021/11/08/adc-requests-renaper-to-explain-huge-data-breach/

Related incidents

Data breachContainedOctober 13, 2021

Argentina RENAPER national ID database breach (2021)

An attacker used a compromised government VPN account to query Argentina's RENAPER national ID database for all 45 million Argentines. Photos and ID details for the president, soccer star Lionel Messi, and other public figures were posted to Twitter as proof. The data went on sale on a dark-web forum.

Victim: Registro Nacional de las Personas (RENAPER), Argentina
Records: 45.0M

Data breachResolvedOctober 4, 2021

Protemps data breach (2021)

In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of other…

Victim: Protemps
Records: 49.6K

Data breachinvestigatedMay 20, 2021

BPJS Kesehatan data leak

Personal data on an estimated 279 million Indonesians — more than the country's living population — was scraped from the national health-insurance agency BPJS Kesehatan and offered for sale on the RaidForums hacking forum.

Victim: BPJS Kesehatan
Records: 279.0M

Data breachResolvedFebruary 5, 2021

CityBee data breach (2021)

In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.

Victim: CityBee
Records: 110.2K