Cyber Incident Victim: Corporación Nacional de Desarrollo Indígena
Date:
Feb 2016
Location:
Chile
Summary
A hacktivist group known as Chilean Hackers breached a Chilean government institution responsible for indigenous development, exfiltrating and publicly leaking sensitive personal data of over 300,000 citizens seeking state benefits. The compromised records included names, addresses, and national tax identification numbers of individuals applying for indigenous status certification. The attackers claimed the intrusion exposed inadequate security protections for vulnerable populations' data and protested perceived inequalities in benefit distribution, alleging systemic discrimination against poorer indigenous communities. They accompanied the database leak with a political message demanding the president's resignation. The defacement and data exposure remained publicly accessible for approximately two days before being removed following media attention.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 8, 2016, the Chilean hacktivist group "Chilean Hackers" breached the database of CONADI (Corporación Nacional de Desarrollo Indígena), a Chilean government agency under the Ministry of Social Development responsible for administering benefits to indigenous populations. The attackers exfiltrated personal details of 304,189 citizens who had applied for indigenous certification, a mandatory requirement for accessing state benefits such as education support, land purchase subsidies, and financial aid established through CONADI's 1993 founding mandate. The stolen data included full names, residential addresses, and RUT IDs (Rol Único Tributario), Chile's unique taxpayer identification numbers. Following the breach, the group uploaded the database as a zipped Excel file to a CONADI subdomain and defaced the site with a political message demanding President Michelle Bachelet's resignation, claiming the hack demonstrated governmental negligence in protecting indigenous citizens' data.
The defacement page containing the leaked data remained publicly accessible for approximately two days before CONADI or Chilean authorities took it offline, coinciding with domestic media coverage of the incident. Chilean Hackers stated their actions protested systemic inequalities in CONADI's benefit distribution, alleging preferential treatment for certain indigenous groups while poorer applicants faced stigmatization. The breach exposed victims to potential identity theft and financial fraud risks due to the compromise of national tax ID numbers. No technical details about the attack vector or CONADI's security infrastructure were disclosed, though the hackers characterized the intrusion as straightforward. Concurrently, the group claimed involvement in a separate operation targeting Bolivian Army email servers, indicating broader regional hacktivist activities during this period. Chilean government responses were limited to removing the defaced content, with no publicized investigations or security upgrades documented in the available reporting.