The same hacker who recently released the 2018 INE electoral roll for free (a file that had been sold for years on underground forums) has made headlines once again. This time, he went further: he published documents and databases belonging to state governments and Mexican companies, in what is already considered one of his largest leaks to date.
The attacker, known online as AKA_Astaroth, shared all the information on a cybercriminal forum where he regularly distributes compromised access credentials and stolen databases. This latest leak highlights a persistent issue: cybersecurity in Mexico remains weak in both the public and private sectors.
Beyond the scandal, the risks are real—from identity theft and targeted extortion to potential supply chain attacks. In short, this isn’t just a technical issue; it’s a problem that can affect us all.
Mexico is already one of the main targets of cyberattacks in Latin America (Source: Publimetro)
Leak Impacts State Governments and Mexican Companies
The recent data leak not only shook the public sector but also affected several private companies in Mexico. Among those impacted are the Ministry of Health and the Comptroller’s Office of the State of Colima, the Health Services of Jalisco, the Government of Campeche, and companies like Kabik, Autobahn, and Soluciones Advans, which operate in trade and construction.
In Colima’s case, the leak included highly sensitive information: asset declarations of public officials, tax certificates, complete payrolls with SAT-certified CFDIs, and even personal addresses. Most concerning is that the exposed data includes information on minors, significantly increasing the risk of identity theft, extortion, and tax fraud.
These types of breaches not only compromise the safety of employees and citizens but also highlight the low level of protection under which many public entities in Mexico operate. The lack of basic cybersecurity measures continues to leave doors wide open to attacks that can have very serious consequences.
Leak in Colima reveals payrolls, asset declarations, and sensitive data of minors
Leaks in Jalisco, Campeche, and the Private Sector Reveal Critical Data Security Failures
The massive leak also reached Jalisco, where the exposed files include internal records from the Health Services. These documents detail entries, exits, inventories, and batches of medical supplies, including expired products. This exposure not only reveals how state warehouses operate but also poses a direct threat to physical security and public health. With access to distribution routes or types of supplies, criminal groups could plan thefts or sabotage.
In Campeche, the leaked documents relate to an inventory system of movable and immovable assets. The files contain employee names and internal asset control folios, with traceability of equipment and furniture belonging to key offices such as the State Prosecutor’s Office and the Governor’s Office. Although no personal data of citizens was exposed in this case, the nature of the leaked information could facilitate targeted thefts, administrative manipulation, or even acts of corruption.
The attack was not limited to the public sector. In the private sphere, the company Soluciones Advans, which specializes in construction and real estate, suffered the leak of over 900 CFDI invoices, along with their XML files. These invoices include bank information, UUIDs, multimillion-peso amounts, and full details of corporate clients. Among the compromised projects are real estate developments in Yucatán.
Meanwhile, the company Kabik also saw 2,270 client records exposed, including RFCs, emails, phone numbers, addresses, and commercial contact data. This type of leak poses a high risk of phishing, tax fraud, and unfair competition, as the data could be used by third parties to carry out fraudulent campaigns or steal corporate identities.
Mexico Faces a Growing Cybersecurity Crisis
The recent massive leak of official data has set off alarms in Mexico’s digital ecosystem. Cybersecurity experts analyzing the case confirm that the exposed information includes official documents, full payrolls, and corporate invoicing, posing multiple risks: identity theft, extortion, tax fraud, and even attacks on logistical infrastructure.
Experts agree that this incident is not isolated but part of a troubling pattern showing how Mexico has become one of the most active targets for cyberattacks in Latin America. The lack of an updated legal framework, combined with institutional and budgetary weaknesses in technology, has left both public agencies and private companies vulnerable.
In this context, the hacker known as AKA_Astaroth has made his modus operandi clear: alternating high-profile public leaks with private sales of access to government, banking, and corporate systems. This strategy not only boosts his visibility on underground forums but also fuels an illegal market for critical Mexican data.
The combination of poor prevention, limited response, and a lack of real legal consequences has created the perfect scenario for these types of attacks. Meanwhile, the exposure of sensitive data continues to grow, directly affecting both institutions and citizens.