DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

How many leaks have there been of Mexico’s voter database?

Posted on July 19, 2021 by Dissent

A recent listing on a popular forum claimed to be offering the entire Mexican voter database for 2021 — 91 million records.

Listing for Mexican Voter Database
Redacted by DataBreaches.net

The data was formatted with the following fields:

“CVE”,,”NOMBRE”,”PATERNO”,”MATERNO”,”FECNAC”,”SEXO”,
“CALLE”,”INT”,”EXT”,”COLONIA”,”CP”,”E”,”D”,”M”,”S”,”L”,
“MZA”,”CONSEC”,”CRED”,”FOLIO”,”NAC”,”CURP”

In response to the listing, Alon Gal (@UndertheBreach) commented on Twitter that this was the second breach involving Mexico’s Instituto Nacional Electoral (INE). He pointed readers to this site’s 2016 reporting on an earlier incident uncovered by Chris Vickery. That incident involved 93.4 million voters that turned out to be a leak of the copy of the database that had been provided to Movimiento Ciudadano. Movimiento’s response to the incident was to try to claim that Vickery had hacked them, but both Vickery and Amazon AWS services appropriately denied their attempt to shift blame.

Almost two years later, Movimiento Ciudadano was fined 34.1 million pesos (USD $1.8m) by the complaint commission INE for negligence in failing to properly secure the list.

Then Came the Second Leak

But that 2016 leak was not the only leak that Vickery found back then.  He also discovered a second and smaller leak of voter information impacting more than 2 million voters in the Sinaloa area.

That second leak turned out to be the responsibility of PRI (Partido Revolucionario Institucional).  As with the first leak, however, this leak, too, appeared to be hosted on Digital Ocean, even though under Mexican law, it was illegal for the data to be hosted out of the country.

Then Came the Third Leak or Incident and Maybe a Fourth?

In discussing the newest incident involving the voter database posted for sale on a forum, DataBreaches.net learned that a whitehat researcher had discovered an exposed database of Mexican voters last year.  That database had approximately 87.8 million voters’ information on it and was hosted on OVH SAS.

The researcher contacted OVH who reached out to their customer about the unsecured MongoDB and the data were secured, but the researcher never found out the identity of the customer.

OVH Abuse Report Ticket

 

This same researcher also informed DataBreaches.net that they had observed someone trying to sell what might have been the same database last year.  It’s not yet clear to DataBreaches.net whether the database they saw for sale last year was identical to the one they had found. This post may be updated on that point if clarification is received.

And Now There’s a Fourth Incident — Or is That the Fifth?

Based on the details provided in the forum listing at the top of this article, there has been yet another security incident — perhaps another leak, but the source is not yet known.

At some point, these may have all been “leaks” or unintended exposures. But at some point, at least two of these became breaches because data were being given away as samples or sold.

DataBreaches.net sent a DM on Twitter to INE to alert them that there was also a previously unreported incident in 2020 that they should also look into.

If the voters’ database is supposed to be protected, then it might appear that the government has failed to do so — repeatedly — by failing to ensure that those who have legitimate access to the database secure it properly.  But is this really the government’s fault? There’s a lot we do not know at this point, but that should be investigated.

 

Category: Commentaries and AnalysesGovernment SectorNon-U.S.

Post navigation

← US indicts four members of Chinese hacking group APT40
Italian hosting firm Aruba.it defends data breach notification delay →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.