Cyber Incident Victim: Instituto De Desarrollo Profesional (IDEPRO)

On or around September 13, 2022, data allegedly belonging to Peru’s Instituto De Desarrollo Profesional (IDEPRO) appeared on a popular hacking-related forum. IDEPRO, a national entity tasked with promoting professional development initiatives, was identified as the purported victim in a post by a forum user with a positive reputation score. The user claimed to possess 1GB of stolen data in SQL format, affecting approximately 1,100 individuals. According to a tweet referenced in the report, the dataset included sensitive fields such as identification numbers, authentication details, usernames, passwords, full names, email addresses, phone numbers, and physical addresses. The forum post required potential downloaders to expend forum credits to access the data, and no freely viewable sample was available for independent verification at the time of discovery. The absence of a proof pack or public sample limited immediate confirmation of the data’s authenticity or comprehensiveness.

DataBreaches.net alerted Peru’s national center of digital security to the forum listing, receiving a response indicating coordination with relevant institutions to address the report. IDEPRO’s official website displayed no public acknowledgment of a security incident, breach notification, or service disruption at the time of the article’s publication on September 16, 2022. The national center’s acknowledgment, however, suggested official recognition of the incident’s validity. The exposure of authentication credentials and personally identifiable information created potential risks for affected individuals, including identity theft and credential-stuffing attacks. The incident occurred against a backdrop of heightened cyber threats in the region, including ransomware attacks on other South American entities, though no direct link between IDEPRO’s breach and ransomware activity was established in the available reporting.