Cyber Incident Victim: Claudia Sheinbaum
Date:
Feb 2025
Location:
Mexico
Summary
Claudia Sheinbaum confirmed thather cellphone was hacked after the extradition of dozens of drug traffickers to the United States, noting that the compromised device was an old campaign phone she kept for public contact rather than her personal line. She said the breach also affected an alternate email account and that Apple alerted the government’s digital transformation agency, which investigated the incident. The phone had been a gift from a state governor during a political outreach effort and she retained the number after taking office as a means for citizens to reach her. Authorities have not identified the perpetrator and are strengthening cybersecurity measures across presidential communications.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 28 2025 the Mexican government extradited 29 suspected drug‑trafficking leaders to the United States as part of a diplomatic dispute over tariff increases. Shortly after the handover, The New York Times published a report alleging that President Claudia Sheinbaum Pardo’s cellular device had been compromised. During her daily “Mañanera del Pueblo” briefing on March 1 2025, Sheinbaum confirmed the NYT’s account, stating that the information was accurate and that her phone had indeed suffered a cyberattack following the extradition. She clarified that the compromised device was not her personal government‑issued phone but the cell number she had used during the 2024 presidential campaign and continued to keep in her contact registry for the Tlalpan locality before moving to the National Palace. She noted that the attack affected only one of her older phones and an alternate email account, not the official government email address.
Sheinbaum explained that the phone in question was a gift she received in 2008 from Governor Layda Sansores during the Adelitas Movement, when she still relied on a prepaid line that frequently ran out of credit. She recalled working at UNAM and purchasing call credit, but often being unreachable until Sansores offered to provide and pay for the phone so she would not miss calls. After becoming Head of Government of Mexico City, she retained the same number, allowing many citizens to reach her directly through that line. Although she no longer uses the device for personal communication, she said she kept it as a memento of her political trajectory. She added that Apple had immediately notified the Digital Transformation Agency, which detected the intrusion, took appropriate action, and reviewed the compromised accounts.
At present, the identity of the attacker remains unknown, and the authorities continue to investigate the incident while strengthening cybersecurity measures across the Presidency’s communication channels. Sheinbaum emphasized that no further details about the perpetrator or the specific methods used have been disclosed. The episode has prompted a review of device management practices for legacy numbers still in use by officials. The administration states that it is committed to improving protections against similar threats in the future.