Search TorNews

Find cybersecurity news, guides, and research articles

Popular searches:

Home » News » Data Breaches » Hacker Claims to have Stolen 430 Million Alleged InfoExperto Records

Hacker Claims to have Stolen 430 Million Alleged InfoExperto Records

Last updated:July 9, 2026
Human Written
  • A threat actor listed a massive data cache on a cybercrime forum containing 430 million alleged records.

  • The stolen files include sensitive financial data, plaintext CVVs, biometric data, and critical server access keys.

  • Independent security experts have not yet verified the authenticity of the production environment configurations or certificates.

Hacker Claims to have Stolen 430 Million Alleged InfoExperto Records

A malicious hacker reportedly steals around 430 million personal records from an Argentine credit bureau. The hack appears to target an Argentinian data broker called InfoExperto, which operates within the credit infrastructure of South America.

The hacker has put the data for sale on a well-known dark web forum. If the data is legitimate, it could threaten critical national databases.

The hacker allegedly shared sensitive information about database configurations and the tools for accessing servers. This data exposure poses immediate operational risks to numerous financial institutions and commercial legal networks across Argentina.

Comprehensive Breakdown of Compromised Government and Corporate Assets

The anonymous threat actor claims to possess an extensive array of confidential information from the company servers. The listing outlines a massive repository of sensitive financial data and government-issued employee documentation. For instance, the criminal dumped over one hundred million payroll and employment records spanning several years. This package connects workers to employers and explicit salaries through leaked AFIP Form 931 documentation up to April this year.

The security breach also targets national citizen registries across the country. The actor uploaded sixty-five million records from the official AFIP padron database. This specific segment contains full legal names, national identity numbers, and exact dates of birth. It also exposes home addresses and the active tax status of millions of Argentine citizens.

In addition, the hacker has disclosed around 176 million telecommunication records relating to the main telecommunications providers of the nation. Included in the data are the famous mobile networks, such as Telecom, Personal, Movistar, and Claro.

Data entries link individual lines to the national identification documents of people and confirmed places of residence. Also, the leaked files contain the contacts from state welfare services including ANSES. In this section, there are approximately 86 million telephone records and 30 million e-mail addresses of users from state assistance programs.

Analysis of Exposed Server Architecture and Core Technical Keys

The malicious dataset contains much more than just consumer profiles and personal background records. The threat actor actively published proprietary technical data harvested directly from the central infrastructure of InfoExperto.

The criminal allegedly dumped partial source code and critical system access controls from the company’s private server units. This exposure includes valid VPN keys and highly sensitive SSH root keys used for administrative network access.

Furthermore, the underground listing reveals production environment configurations containing hardcoded credentials hidden inside the software layout. This infrastructure exposure allows external actors to inspect how the internal database handles daily data requests.

The threat actor also claims to possess valid AFIP digital certificates within the stolen file bundle. These digital items could allow cybercriminals to impersonate InfoExperto to query national identity registries directly without detection.

The intruder has released exact scrapers that are utilized for collecting live information from various finance-related entities. The specialty automated tools keep collecting necessary information from official records and databases, such as the AFIP, ANSES, and BCRA databases, using their data collection software.

The scrapers also include commercial companies, such as Movistar, from where the information is retrieved to keep the files up to date. The discovery of these instruments can be a danger for the Argentine banking sector as rivals can use them to launch automated attacks.

Severe Financial Fraud Risks and Biometric Identity Theft Concerns

The dark web listing includes highly critical financial details from major banking systems operating in South America. Specifically, the threat actor claims to expose 245,000 of Banco Columbia credit cardholders including the complete 16-digit PANs.

The dump also contains an additional 4,675 cards stored on the platform with their CVVs and expiry dates that appear in plaintext format. This unencrypted financial data allows internet thieves to execute fraudulent online transactions across the globe with total ease.

The data leak also introduces extreme dangers regarding biometric data and modern identity verification mechanisms. The repository contains forty-eight thousand KYC identity confirmations used to verify new banking clients.

These profiles include detailed face match scores and raw identity card chip data harvested during digital registrations. The risks of biometric data exposure are evident in other breaches; hackers have claimed a massive biometric data breach at a Senegal government agency.

This sophisticated information allows bad actors to build perfect digital clones of real individuals to bypass modern bank security.

InfoExperto plays a massive role in Argentina’s financial infrastructure by providing credit scoring to major financial entities. Banks, fintech firms, and corporate law firms rely heavily on their identity verification services every day.

The exposure of plaintext CVVs and raw biometric data poses huge risks of widespread identity theft. At the time of reporting, neither InfoExperto nor independent security researchers have verified the validity of the breach.

Share this article

About the Author

Memchick E

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.

View all posts by Memchick E >
Comments (0)

No comments.