Cyber Incident Victim: Poder Judicial de la Ciudad de Mendoza

The Municipality of San Pedro, Argentina, experienced a significant data breach involving its official web platform (sanpedro.gov.ar) around June 2021. Attackers exfiltrated sensitive information belonging to 12,566 registered users, including taxpayers, residents, and suppliers. The compromised data encompassed email addresses, platform access credentials, and fiscal details. Following the theft, the attackers attempted to monetize the dataset by offering it for sale on a prominent clearnet forum frequently used for trading stolen information. When no buyers emerged, the attackers publicly dumped the entire dataset on the same forum, making it freely accessible.

A source familiar with the incident confirmed the authenticity of the leaked data to La Opinion newspaper, verifying its direct correspondence with the Municipality's records. The breach exposed individuals to potential identity theft, financial fraud, and unauthorized access to municipal services tied to their accounts. No information was disclosed regarding how the attackers initially compromised the web platform, whether through exploiting vulnerabilities, phishing, or other means. The Municipality did not publicly acknowledge the incident in the available reporting, leaving the scope of operational disruptions or containment measures unclear. Public disclosure occurred through third-party monitoring of the forum where the data appeared, rather than through official channels. The incident highlighted risks associated with storing sensitive citizen data on government web platforms without adequate security safeguards against exfiltration and unauthorized access.