---
title: "Major Data Breach in Paraguay: 7.4 Million Citizen Records Leaked on Dark Web"
categories: [Cybersecurity & Data Protection, Data Breaches]
tags: [cybersecurity, data breach, dark web]
author: "Tom"
date: 2025-06-13
---
## TL;DR
Resecurity researchers discovered a massive data breach in Paraguay, where 7.4 million citizen records were leaked on the dark web. The breach includes personally identifiable information (PII) from various government systems, with cybercriminals demanding a $7.4 million ransom. This incident highlights the growing cyber threats targeting South American countries.
## Major Data Breach in Paraguay: 7.4 Million Citizen Records Leaked on Dark Web
Resecurity has identified a significant data breach in Paraguay, where **7.4 million records** containing personally identifiable information (PII) of Paraguayan citizens were leaked on the [dark web](https://securityaffairs.com/40933/cyber-crime/dark-web-cybercrime.html). Cybercriminals offered this information for sale, demanding **$7.4 million** in ransom payments, equivalent to **$1 per citizen**. This extortion attempt, with a deadline set for **Friday, June 13, 2025**, marks one of the most substantial cybersecurity incidents in Paraguay's history.
## Details of the Data Breach
The stolen data, published on multiple underground forums, includes ZIP files containing databases and a torrent file. This tactic, previously used by [LockBit 3.0](https://securityaffairs.com/149941/hacking/lockbit-3-leaked-code-usage.html), enables widespread data dissemination via P2P networks, making takedowns difficult. The breach affects the entire population, with PII exfiltrated from several government information systems. The cybercriminals accused Paraguay's leadership of corruption and negligence in protecting citizens' data. The government [declined to pay the ransom](https://www.occrp.org/en/news/exclusive-paraguay-says-it-wont-pay-ransomware-group-for-stolen-citizenship-data), providing no details on how the data was stolen.
## Source of the Leaked Data
The leaked data is presumed to originate from the following sources:
- **Agencia Nacional de Tránsito y Seguridad Vial de Paraguay** (National Agency for Transit and Road Safety of Paraguay)
- **Ministry of Public Health and Social Welfare of Paraguay** (Ministerio de Salud Pública y Bienestar Social)
- An unnamed system storing PII

This incident follows several recent data breaches in Paraguay:
- A breach at the **Superior Tribunal of Electoral Justice (TSJE)** exposed information on over 7 million people.
- A leak affecting the **Ministry of Finance, the Central Bank of Paraguay, and Itaipú** revealed a file containing over 17,000 records, including sensitive data such as payments to public officials and salaries.
- In 2023, a data breach at the **National Police** exposed documents and personal data of detained individuals, including criminal records and photographs[^1].
## Cybercriminals Behind the Attack
The actors, calling themselves **"Cyber PMC"**, position themselves as mercenaries attacking government systems for profit. It is unclear whether they are sponsored by a foreign state or driven purely by cybercriminal motives. With its "hack-and-leak" narrative, this incident is a landmark among cybersecurity incidents because of its scale and the extortion of an entire country.
One of the key actors is known for large-scale data breaches across South America, including Bolivia, Venezuela, and Ecuador, leading to the theft of millions of PII records. Their motivation remains unclear, as the ransom demand is not substantial. Such tactics could be employed by foreign intelligence or state-sponsored actors to mask targeted espionage operations.
## Previous Cyber Attacks on Paraguay
[Flax Typhoon](https://securityaffairs.com/149862/apt/chinese-apt-flax-typhoon-targets-taiwan.html), a cyber-group linked to the Chinese state, infiltrated Paraguayan government networks last year. This advanced persistent threat (APT) involved targeted and sustained cyberattacks using malware to extract sensitive information and maintain a covert presence over extended periods.
Notably, Paraguay is the only South American country to recognize the independence of Taiwan, which China considers its territory. This recognition has likely contributed to the intensified cyberattacks targeting Paraguay.
## Conclusion
The increasing frequency and severity of cyberattacks and data breaches targeting Paraguay and other South American countries are alarming. These incidents highlight the growing efforts of foreign threat actors to compromise government information systems and steal citizens' PII. The extortion of an entire country due to a massive data breach underscores the urgent need for enhanced cybersecurity measures and international cooperation to combat these threats.
## Additional Resources
For further insights, check:
- [Resecurity Blog](https://www.resecurity.com/es/blog/article/paraguay-is-being-targeted-by-cybercriminals-74-million-citizen-records-for-sale)
- [Security Affairs](https://securityaffairs.com/)

[^1]: Tedic (2025). "[Massive Data Leaks in Paraguay2025](https://www.tedic.org/en/massive-data-leaks-in-paraguay2025/)". Retrieved 2025-06-13.

This post is licensed under CC BY 4.0 by the author.