A purported leak exposing 5.8 million records of Uruguayan citizens has emerged as the latest flashpoint in what security researchers describe as an accelerating campaign by Latin American cybercriminals to monetize stolen government data.
The incident, reported by Dark Reading, fits a pattern analysts have tracked across the region: threat actors targeting government databases that aggregate citizen identity, tax, voting, and social services records — information that commands premium prices on underground forums and is difficult for victims to change.
Why Government Data Is Lucrative
Government-held citizen records are uniquely valuable to cybercriminals for several reasons:
Identity fraud at scale. National ID numbers, birth dates, addresses, and family information sourced from government registries provide all the elements needed for high-confidence identity theft. Unlike a compromised credit card, a citizen's national identity number cannot be cancelled.
Tax fraud and benefits abuse. Stolen tax identification data is widely used in false tax return schemes, fraudulent government benefit claims, and employment-based identity fraud.
Credential correlation. Many citizens reuse passwords tied to their national ID, meaning leaked government data can accelerate credential stuffing attacks against banking and e-government portals.
Bulk monetization. Datasets of millions of records sell for significant sums on dark web forums, where buyers range from fraud operators to nation-state intelligence collectors.
A Regional Pattern
The Uruguay incident is part of a broader wave. Security researchers tracking Latin American cybercrime have documented similar breaches across the region in recent years, including:
- Brazil — multiple leaks of Brazilian taxpayer and voter registration data affecting hundreds of millions of records
- Chile — government database exposures affecting police and military personnel records
- Argentina — breaches of the national immigration registry (RENAPER) and vehicle registration databases
- Colombia — exposure of national identity (Cédula) databases
- Ecuador — a 2019 breach affecting nearly the entire adult population
The actors behind these incidents range from domestic criminal operators monetizing data within the region to internationally active threat groups that aggregate and resell Latin American government databases alongside datasets from other regions.
The Monetization Ecosystem
Stolen Latin American government records typically flow through a layered ecosystem:
- Initial access brokers compromise government portals via SQL injection, phishing, or misconfigured cloud storage — often targeting under-resourced agencies with legacy systems
- Data is exfiltrated to actor-controlled infrastructure
- Records are segmented by data type (national ID, financial, health) and sold on Spanish-language cybercrime forums or Telegram channels
- Downstream fraud operators use the data for identity theft, SIM swapping, and account takeover campaigns targeting banking and e-commerce platforms
Government Cybersecurity Challenges
Latin American governments face compounded cybersecurity challenges: aging IT infrastructure, limited security budgets, rapid digital service expansion following COVID-19, and in some countries a shortage of trained cybersecurity personnel. The combination creates persistent attack surface that sophisticated and opportunistic threat actors alike continue to exploit.
Several governments in the region have accelerated national cybersecurity strategies in response, including Uruguay itself — which established AGESIC (Agency for E-Government and Information Society) as its central cybersecurity coordination body. However, the gap between policy and implementation across the many agencies that hold citizen data remains wide.
Implications for Citizens
Citizens whose data appears in leaks of this type face elevated risk of:
- Identity fraud and account takeover in financial services
- Fraudulent tax filings in their name
- Targeted phishing using personal details from the breach
- SIM swapping attacks using the combination of personal data and mobile carrier social engineering
If you are a Uruguayan citizen or have family there, monitor credit and identity services and be alert to unsolicited contact that references personal details.
Source
- Dark Reading: "Latin American Cybercriminals Hoover Up Government Data" (May 27, 2026)