Cyber Incident Victim: Correos de Bolivia
Date:
Aug 2022
Location:
Bolivia
Summary
The Bolivian postal service experienced a data breach where a reputable seller on a hacking forum offered its database for sale, claiming possession of three SQL files totaling 1.47 GB. The seller provided a sample to substantiate the claim, and the breach reportedly originated from the same year. Attempts to alert the national cybersecurity incident response team (CGII) were unsuccessful, and the postal agency’s website had been inactive for months prior, complicating direct verification of the incident’s validity. The compromised data’s exposure risked sensitive information, though official confirmation from the agency remained pending at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In August 2022, a seller with established credibility on a prominent hacking forum advertised a database allegedly belonging to Bolivia’s national postal service, Correos de Bolivia (correos.gob.bo). The seller claimed possession of three SQL database files totaling 1.47 GB, attributed to a breach occurring earlier in 2022. To substantiate the claim, the seller provided a sample of the data, though the specific contents or records within the sample were not disclosed in available reports. DataBreaches.net identified the listing and attempted to notify Bolivian authorities by contacting the Centro de Gestion de Incidentes Informaticos de Bolivia (CGII), the national computer incident response team, on August 26, 2022. This alert aimed to facilitate an investigation by Correos de Bolivia to verify the authenticity of the data being sold. However, direct contact with the postal agency was not pursued by DataBreaches.net due to the prolonged inactivity of correos.gob.bo’s official website, which had been offline for several months prior to the incident. No response from CGII was received by the time of the article’s publication on August 26.
The advertisement of Correos de Bolivia’s data highlighted potential risks to the confidentiality and integrity of the agency’s operational records, though the exact nature of the compromised data—such as customer information, internal communications, or logistical details—remained unverified. The inactive state of the postal service’s website prior to the breach report suggested possible pre-existing technical or administrative challenges within the organization. No public statements from Correos de Bolivia or CGII regarding the alleged breach, its impact, or mitigation efforts were documented in the available sources as of August 26. The absence of confirmation or denial from authorities left the validity of the seller’s claims unresolved, while the listing’s persistence on the forum indicated an ongoing threat of data dissemination or exploitation. The incident underscored gaps in external visibility into the agency’s cybersecurity posture and incident response capabilities during the reported timeframe.