DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Mexico launches criminal probe into exposure of voter information (updated)

Posted on April 24, 2016 by Dissent

Dell Cameron reports:

Mexican authorities have begun criminal proceedings into a data theft incident said to affect more than 87 million registered voters.

Mexico’s National Electoral Institute (INE) filed a criminal complaint on Friday with the country’s election crimes office concerning millions of voter records discovered on a U.S.-based Amazon cloud server. The theft of the records, which includes names, addresses, phone numbers, dates of birth, and voting credentials of Mexican citizens, constitutes a “national offense,” according to INE Director Lorenzo Cordova Vianello.

Read more on Daily Dot.  The number of unique voters in the database has now been variously reported as 81 million voters and 87 million. Either way, it’s a huge number. All sources now confirm that the list was  the official list of February, 2015.

Although Daily Dot reports the criminal complaint was filed Friday, according to  the official INE press release issued Friday and my source in the INE,  the criminal complaint was actually filed on Wednesday. As far as I know, it doesn’t allege “data theft,” and Dell informs me he didn’t mean that term literally. In fact, reading Dell’s article made me realize that we have almost no understanding or information as to what the actual charges are in the criminal complaint.

Under Mexican law, the list in question is only supposed to be used for verification purposes, but where, in Mexican law, does it actually make it a crime to upload that list to a server? Or is the crime that it was uploaded to a non-Mexican server? Or is the crime that it wasn’t adequately secured? Or all of the above or something else? What’s the crime here?

DataBreaches.net emailed the INE last night to ask for information as to what the criminal complaint actually charges.

But apart from the criminal complaint, I keep harping on the fact that because Amazon has yet to cooperate with the INE, the INE – and the Mexican public – still don’t know  how many individuals other than Vickery may have downloaded the database before it was secured . Hopefully, he was the only one. But given that some people are now worried for their safety, the sooner Amazon cooperates with INE and provides access to logs, the better.

The US Department of Justice assisted the Filipino government by contacting CloudFlare and GoDaddy to get evidence preserved and a web site with a database with Filipino voter data taken down. I hope our government is also assisting Mexico in getting Amazon to provide information to INE as to whether this database was accessed and downloaded so that people who may be at risk of kidnapping or murder find out how bad this situation really was.

And at some point, we really need to discuss Amazon’s slowness to respond to what could be safety issues for individuals, but more on that at another time.

Update: Alejandro Andrade of INE responded to my inquiry as to what the criminal charges are, by writing:

It is for misuse for not keeping the confidentiality of the data and any other criminal use that could apply.

In response to a specific question about whether data theft was part of the charges, he replied,

As you mentioned, we don’t know what was the purpose or who uploaded the
information, although we gave it to a representative of a political party there could be many persons involved.

So until they complete their investigation as to who, exactly, uploaded that file, and why, they cannot determine other charges that might apply, but there is a criminal charge of misuse for not protecting the confidentiality of the data, it seems.

Related posts:

  • Personal info of 93.4 million Mexicans exposed on Amazon (UPDATED)
  • Amazon denies Movimiento Cuidadano’s claim that they were “hacked”
  • Mexican government responds to data leak of voter information
  • CERT-MX suffers credibility #FAIL, accuses DataBreaches.net of disclosing unauthorized info.
Category: Breach IncidentsExposureNon-U.S.Of Note

Post navigation

← COMELEC hacking should be treated as a serious national security problem
Millions of porn accounts for sale on dark web →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.