Massive Data Breach in Paraguay: 7.4 Million Citizen Records Exposed
Data Leak on the Dark Web
Resecurity researchers have uncovered a staggering 7.4 million records containing personally identifiable information (PII) of Paraguay’s citizens available on the dark web. Cybercriminals recently attempted to sell this sensitive information for $7.4 million, equating to $1 per citizen. This incident marks one of the most significant cybersecurity breaches in Paraguay’s history, with a ransom deadline ominously set for Friday, June 13, 2025.
Distribution Methods and Implications
The exposed data has appeared across numerous underground forums. In a notable move, alongside ZIP files of databases, the perpetrators also published a torrent file. This allows for peer-to-peer downloads, a method reminiscent of tactics used by the LockBit 3.0 ransomware group, which previously employed similar strategies to evade detection and takedown efforts.
Scope of the Breach
This breach entails the exposure of data for nearly the entire Paraguayan population, originating from various government information systems. The ransom demand issued by the attackers also criticized the country’s leadership for what they deemed negligence regarding citizens’ data safety. In response, the Paraguayan government officially rejected the ransom demand, providing few details on how the breach occurred. Notably, just days prior to the leak, the President of Paraguay’s Twitter account was hacked, raising further concerns about the security practices in place.
Plausible Sources of the Data
Initial assessments suggest that the compromised data came from several critical government entities, including the Agencia Nacional de Tránsito y Seguridad Vial de Paraguay (National Agency for Transit and Road Safety) and the Ministry of Public Health and Social Welfare. This incident adds to a troubling trend of data breaches in Paraguay, which has seen similar occurrences earlier in the year. In fact, just months ago, the Superior Tribunal of Electoral Justice suffered a breach affecting over 7 million individuals, while the Ministry of Finance and the Central Bank experienced a leak of sensitive data pertaining to public officials.
Cybercriminal Landscape
The perpetrators of this breach have styled themselves as “mercenaries” within a group dubbed “Cyber PMC.” Their actions raise the question of whether these cybercriminals operate as independent actors or have the backing of a foreign state. This surge in cyberattacks reflects a notable uptick in activity against Paraguay and is reminiscent of previous attacks attributed to state-sponsored actors, particularly from China. The shift towards extortion indicates a potential evolution in the motivation behind these breaches.
Past Incidents and Security Breaches
Previous attacks have already showcased threats to Paraguay’s cybersecurity infrastructure. In 2024, the Flax Typhoon group, which is linked to the Chinese government, infiltrated Paraguayan networks, deploying advanced malware for long-running attacks, although no data was publicly leaked from that breach. This lack of transparency raises concerns about the extent of data compromised during these incidents.
Growing Threats in the Region
Resecurity emphasizes that Paraguay’s status as the sole South American nation to formally recognize Taiwan’s independence places it in a precarious position amidst rising geopolitical tensions. The ongoing cybersecurity incidents highlight the alarming frequency with which foreign actors target governmental information systems throughout South America, raising serious questions about the safety of personal data across the region.
As the situation unfolds, monitoring state responses and security enhancements will become critical in safeguarding citizens’ data integrity and restoring trust in governmental operations.