Date: Sep 2022

Location: Chile

Summary

A cyberattack compromised the COVID-19 tracking platform database of the Codelco mining company, exposing sensitive employee and user information. The stolen data, listed for sale on a forum, included approximately 17,500 email addresses—over 1,800 belonging to corporate users—along with personal details such as names, addresses, phone numbers, vaccination statuses, and dates of birth. The breach did not involve operational systems but targeted the health-related tracking infrastructure, resulting in unauthorized access to confidential records.

Description

Attackers compromised the database of a COVID-19 tracking platform operated by Codelco, a major mining company, and listed the stolen data for sale on a public forum in early September 2022. The exposed dataset contained nearly 17,500 email addresses, including over 1,800 belonging to corporate users. Compromised fields included personally identifiable information such as full names, addresses, phone numbers, email addresses, dates of birth, and vaccination statuses, along with Chilean national identification numbers (RUTs). The breach announcement appeared in a September 8, 2022 tweet that included a screenshot of the forum listing, though the specific attacker group responsible was not identified in available reports. No details regarding the initial intrusion vector, duration of system access, or exfiltration timeline were disclosed in public sources.

The incident represented a significant exposure of employee health data, with particular risk stemming from the combination of national ID numbers, contact information, and medical vaccination records. There was no public statement from Codelco confirming the breach or describing containment measures in the examined sources. Similarly, no information was available regarding whether the company engaged with threat actors, notified regulatory authorities, or implemented post-incident remediation efforts. The compromised COVID-19 tracking platform's operational status following the breach remained unclear, as sources did not indicate whether systems were taken offline during investigation. Third-party cybersecurity researchers first identified the data sale listing, suggesting external discovery rather than internal detection.
