Did you know that cyberattacks in Mexico broke records in 2024? Over 324 billion attempts were recorded in just one year. And if that weren’t enough, in the first three months of 2025 alone, there have already been 35.2 billion, according to Fortinet’s 2025 Global Threat Landscape Report.
Businesses of all sizes, public institutions, and even everyday users are under constant attack. And it’s not just about the number of attempts: cybercriminals are using artificial intelligence, improving their strategies, and exploiting every weakness—from human error to outdated systems or vendors without security measures.
To help you better understand what’s happening and what you can do to protect yourself, TecnetOne has prepared this guide featuring real-life cases and practical advice. Because staying informed is the first step to staying protected.
Mexico has become one of the most digitally attacked countries in Latin America—and that’s no coincidence. Year after year, cybersecurity reports show a steady rise in the number of incidents. But what exactly is making the country so vulnerable?
There are several factors that explain why cybercriminals see Mexico as an easy target:
Weak digital infrastructure, both in the public sector and many private companies.
Little investment in cybersecurity, especially among small and medium-sized businesses (which make up over 95% of the country’s business landscape).
Low awareness around prevention, leading to human errors, weak passwords, or lack of knowledge about best practices.
Growing use of technologies without adequate protection, such as networks, devices, or applications connected to the internet.
Additionally, the rapid digitalization that followed the pandemic exposed many systems that previously weren’t online or simply lacked basic defenses. In the rush to adapt, many overlooked the most important factor: cybersecurity.
In short, Mexico is not only in the crosshairs of cybercrime—it’s also, in many cases, ill-prepared to defend itself.
Mexico has been the scene of several major cyberattacks in recent years, and each one has made one thing clear: no organization is completely safe. From financial institutions to the retail sector, all have been targeted by increasingly sophisticated threats.
Below are five real-life cases that marked a turning point in the country’s cybersecurity landscape—and the key lessons they leave behind.
Between April and May of 2018, five Mexican financial institutions suffered unauthorized access through third-party applications connected to the Interbank Electronic Payment System (SPEI).
The result: fraudulent transfers estimated between 300 and 400 million pesos.
This incident was a harsh reminder that even mission-critical systems can fail—especially when third-party providers are trusted without thorough security checks. In response, the financial regulator tightened regulations and established rapid response teams.
Lesson learned: Every third-party integration must undergo rigorous security testing, such as penetration testing (pentesting), to detect vulnerabilities before attackers do. Trusting without verifying is, quite literally, leaving the door open for cybercriminals.
In November 2024, thousands of photographs taken during the voter ID registration process were leaked—along with personal data such as full names, CURP numbers, addresses, and email accounts.
The case stirred major media controversy and highlighted the serious risks of handling personal data without proper protection.
Besides exposing millions of citizens to fraud and identity theft, the incident raised serious concerns about the security of the institute’s data storage systems.
Lesson learned: Biometric and identity data must be treated as one of the most sensitive assets. There's no room for complacency when it comes to this kind of information.
Throughout 2023, at least six state prosecutors’ offices were hacked, resulting in leaked internal documents and the potential compromise of ongoing investigations. While full details weren’t disclosed, cybersecurity experts warned that such attacks could endanger public safety if the information falls into the wrong hands.
The case showed that public prosecutors are prime targets for criminal groups, particularly because of the large volumes of sensitive data they manage.
Lesson learned: Cyber defense in local governments remains an unresolved issue. Without contingency plans and robust protection, the damage can be devastating.
In 2024, retail giant Coppel fell victim to LockBit 3.0, one of the world’s most dangerous ransomware groups. The attack affected over 1,800 branches and caused losses exceeding $15 million, as both physical stores and online channels were paralyzed for several days.
Beyond the financial damage, the incident exposed the digital fragility of the retail sector when facing this type of threat.
Lesson learned: Antivirus software and backups are not enough. Business continuity must be a core part of the cybersecurity strategy, with clear protocols in place for responding to incidents.
Multinational company Bimbo confirmed it was attacked by Medusa Ransomware—a group known for encrypting data, deleting backups, and threatening to leak information if ransom demands aren’t met. While details about the ransom amount or payment were not disclosed, the attack caused disruptions to internal processes and raised alarms about the need for stronger controls.
Medusa operates silently: it infiltrates through system vulnerabilities and spreads quickly before locking access to data.
Lesson learned: Protection must go beyond software. It's essential to invest in advanced solutions, train staff, and rely on expert support to respond quickly and minimize damage.
These five cases are just a glimpse of how cyberattacks in Mexico are escalating in frequency, complexity, and potential damage. The most important takeaway is that no one is immune—from small businesses to multinational corporations and public institutions.
At TecnetOne, we believe prevention starts with awareness. That’s why we share these stories—not to create panic, but to raise awareness about the importance of strengthening cybersecurity before it’s too late.
After analyzing the main cyberattack cases in Mexico, it’s clear that certain techniques are used repeatedly. Knowing them is the first step toward being prepared. Here are the four most common ones and how they affect the country.
Ransomware encrypts an organization’s information and demands payment to release it. In Mexico, it has hit both private companies and public institutions, causing major disruptions and multimillion-dollar losses. Cases like Coppel and Bimbo show its real-world impact.
Key takeaway: Having secure backups and an incident response plan can make all the difference.
Phishing attacks involve fake emails, messages, or websites posing as trusted institutions to trick users and steal their data. In 2024, over 6 million cyber fraud cases were reported in Mexico, with losses exceeding 20 billion pesos.
Key takeaway: Employee training and verifying sources are essential to prevent this type of attack.
Data breach attacks aim to access and expose confidential information such as medical records, login credentials, or personal data. In many cases, they result from internal errors or poor security configurations.
Key takeaway: Sensitive data must be treated as critical assets and protected with proper technical and administrative controls.
Attacks on critical infrastructure target essential sectors such as healthcare, finance, transportation, or energy, exploiting system vulnerabilities to disrupt key services. Their impact goes beyond the digital realm, directly affecting the population.
Key takeaway: Organizations that operate critical services must treat cybersecurity as an essential part of their operations.
Cyberattacks in Mexico leave behind three clear lessons:
Security is not just a technical issue. It requires policies, processes, and an organizational culture that’s aware of the risks.
Prevention is cheaper than reaction. Investing in controls and prevention costs less than recovering from an attack.
Digital maturity is crucial. Companies with standards like ISO 27001 or that conduct security testing, such as pentesting, are better equipped to withstand and recover from incidents.
Mexico is a top target for cyberattacks in Latin America. Cases like SPEI, SEDENA, or Coppel show that no sector is safe. In this context, the key is no longer just to react—but to anticipate—with a combination of technology, well-defined processes, and trained people.
At TecnetOne, we help organizations assess their risks, strengthen their security, and protect their information before an incident occurs. Want to find out how prepared your company is against a potential attack?