Cyberattackers Sell 8 Million Mexicans’ Debt Data on Dark Web

Last updated: October 29, 2025
  • A hacker is selling a database of over eight million Mexican debtors.

  • The stolen data includes highly sensitive information like the CURP national ID number.

  • This incident is part of a troubling trend of major data exposures affecting Mexican citizens.

A cybercriminal is cashing in on the private data of millions. They have put a massive database of Mexican debtors up for sale on the dark web.

The leak contains deeply personal and financial details. It impacts over eight million individuals.

A Fresh Leak from Mexican Collection Agencies

The hacker announced the breach on a popular cybercrime forum with a boast. They claimed, “Today I bring a fresh leak from Mexico. This time, it’s the database of Mexican bank debtors.”

They stated the data was stolen from a group of debt collection agencies – companies that specialize in tracking down and recovering overdue payments.

The post included proof of their access, along with samples of the stolen data for anyone interested in buying. Researchers have inspected these samples, and the dataset is alarmingly comprehensive.

The hacker claims to have records stretching from 2023 through 2025 and slapped a set price on the full database.

What Personal Information Was Stolen?

The exposed data is a goldmine for identity thieves. And it’s not just a list of names and debts. We’re talking about full names, home addresses, dates of birth—the kind of details you really don’t want out there.

It also includes telephone numbers and specific bank details. The financial product and date of assignment of the debt are also listed.

Most concerning is the exposure of the CURP, the Clave Única de Registro de Población. It is Mexico’s unique identification number for citizens and residents.

The CURP functions like a US Social Security number. Its theft poses a severe risk to victims.

Researchers confirmed the data’s sensitivity. They warned, “The data leak could lead to identity theft, fraud, and social engineering attacks.” The exact source of the data remains under investigation.

A Recurring Problem for Mexico’s Data Security

This is not an isolated event for Mexico. It is the latest in a string of serious data exposures.

Earlier this year, there was another leak. Nearly nine million personal records of Mexicans were exposed by an unknown source.

In late 2024, the Mexican government itself was targeted. The RansomHub cybercriminal gang claimed a successful breach. They said they stole 313GB of data from the official federal website.

The healthcare sector has also been vulnerable. A hospital data leak left 5.3 million patients at risk. That incident was caused by a startlingly simple security failure: someone left a database wide open, with no password to keep things locked down.

Navigating the Aftermath of the Breach

This breach has serious implications for every individual who is listed. The inclusion of the CURP number is the most critical threat. Criminals can use this ID to commit full-scale identity theft.

They can open fraudulent bank accounts or apply for loans. They can also access other sensitive government services in someone else’s name. Combined with addresses and birthdates, victims face relentless phishing and social engineering attacks.

Mitigation requires action from both institutions and individuals. The affected collection agencies must secure their systems immediately. They need to inform all potential victims with clear, transparent guidance.

For individuals, vigilance is now essential because the fallout is real. Check your bank statements often and watch out for any weird charges.

And if you get random calls or texts, don’t just trust them — stay sharp. Use strong passwords, and turn on two-factor authentication if you can. Honestly, this whole thing is a wake-up call – your data matters. Don’t leave it unprotected.

About the Author

Joahn G

Cyber Threat Journalist

Joahn is a cyber threat journalist dedicated to tracking the evolving landscape of digital risks. His reporting focuses on ransomware gangs, data breach incidents, and state-sponsored cyber operations. By analyzing threat actor motives and tactics, he provides timely intelligence that helps readers understand and anticipate the security challenges of tomorrow.
