DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Mexico launches criminal probe into exposure of voter information (updated)

Posted on April 24, 2016 by Dissent

Dell Cameron reports:

Mexican authorities have begun criminal proceedings into a data theft incident said to affect more than 87 million registered voters.

Mexico’s National Electoral Institute (INE) filed a criminal complaint on Friday with the country’s election crimes office concerning millions of voter records discovered on a U.S.-based Amazon cloud server. The theft of the records, which includes names, addresses, phone numbers, dates of birth, and voting credentials of Mexican citizens, constitutes a “national offense,” according to INE Director Lorenzo Cordova Vianello.

Read more on Daily Dot.  The number of unique voters in the database has now been variously reported as 81 million voters and 87 million. Either way, it’s a huge number. All sources now confirm that the list was  the official list of February, 2015.

Although Daily Dot reports the criminal complaint was filed Friday, according to  the official INE press release issued Friday and my source in the INE,  the criminal complaint was actually filed on Wednesday. As far as I know, it doesn’t allege “data theft,” and Dell informs me he didn’t mean that term literally. In fact, reading Dell’s article made me realize that we have almost no understanding or information as to what the actual charges are in the criminal complaint.

Under Mexican law, the list in question is only supposed to be used for verification purposes, but where, in Mexican law, does it actually make it a crime to upload that list to a server? Or is the crime that it was uploaded to a non-Mexican server? Or is the crime that it wasn’t adequately secured? Or all of the above or something else? What’s the crime here?

DataBreaches.net emailed the INE last night to ask for information as to what the criminal complaint actually charges.

But apart from the criminal complaint, I keep harping on the fact that because Amazon has yet to cooperate with the INE, the INE – and the Mexican public – still don’t know  how many individuals other than Vickery may have downloaded the database before it was secured . Hopefully, he was the only one. But given that some people are now worried for their safety, the sooner Amazon cooperates with INE and provides access to logs, the better.

The US Department of Justice assisted the Filipino government by contacting CloudFlare and GoDaddy to get evidence preserved and a web site with a database with Filipino voter data taken down. I hope our government is also assisting Mexico in getting Amazon to provide information to INE as to whether this database was accessed and downloaded so that people who may be at risk of kidnapping or murder find out how bad this situation really was.

And at some point, we really need to discuss Amazon’s slowness to respond to what could be safety issues for individuals, but more on that at another time.

Update: Alejandro Andrade of INE responded to my inquiry as to what the criminal charges are, by writing:

It is for misuse for not keeping the confidentiality of the data and any other criminal use that could apply.

In response to a specific question about whether data theft was part of the charges, he replied,

As you mentioned, we don’t know what was the purpose or who uploaded the
information, although we gave it to a representative of a political party there could be many persons involved.

So until they complete their investigation as to who, exactly, uploaded that file, and why, they cannot determine other charges that might apply, but there is a criminal charge of misuse for not protecting the confidentiality of the data, it seems.

Category: Breach IncidentsExposureNon-U.S.Of Note

Post navigation

← COMELEC hacking should be treated as a serious national security problem
Millions of porn accounts for sale on dark web →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.