A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, though Mexico’s cybersecurity agency says the data is not a new breach but a collection from previous breaches. On 30 January, a hacking collective known as the Chronus Group reportedly posted documents and data from at least 25 different government institutions, some including names, telephone numbers, addresses, dates of birth and proof of registration in IMSS Bienestar.
The information of more than a quarter of Mexico’s population may be at risk, but the Agencia de Transformación Digital y Telecomunicaciones (ATDT) downplayed the significance of any potential compromise, stating no publication of sensitive data has been identified and that affected systems are largely obsolete private-entity–run state systems.
Chronus has been described as a loose affiliation of hackers whose activity has increased recently, with analysts noting they may be aiming to boost their “brand” rather than deliver a clearly defined, high-impact intrusion. According to Agencia de Transformación Digital y Telecomunicaciones (ATDT), there has been no confirmed publication of information classified as critical, and authorities have revoked compromised access credentials and offered incident response.