Contents:
Peruvian citizens are at risk of identity theft and financial fraud following the exposure of a database allegedly belonging to the country’s tax administration agency, SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria).
The SafetyDetectives cybersecurity team discovered a clear web forum sharing the 1.2GB unencrypted database on February 5th. The database contains approximately 15,441,010 lines of information, potentially exposing the sensitive data of millions of Peruvians.
SUNAT, the Peruvian tax administration agency collects and manages Peruvian government taxes and customs fees. The agency is vital to the country’s economy, as it is in charge of ensuring compliance with tax laws and regulations.
What Information Was Exposed?
For ethical considerations, the researchers only reviewed a sample of the SUNAT database supplied via the forum. It included the following data:
- tax identification number (RUC)
- name or business name (Nombre o razón social)
- taxpayer status (Estado del contribuyente)
- tax domicile condition (Condición de domicilio)
Screenshot of the Forum Post
The source of the breach remains unknown, but this is not the first time that the database has been shared, as it was also posted on the forum in December 2022. SafetyDetectives contacted Peruvian authorities and informed them about the data being shared online. They have not received a response from SUNAT at the time of writing.
Impact
The potential impact of this data breach is significant, with the exposed information potentially being used for fraudulent activities such as identity theft and financial fraud, warn the researchers.
The breach could also lead to a loss of privacy and trust in the government’s ability to protect citizens’ personal data.
Such data may potentially be used on other governmental/private websites as a unique identifier, in order to obtain and mine more detailed information from an exposed user. The exposed information could fuel further fraudulent activities, allowing malicious actors to possibly steal identities, take out loans, and engage in other forms of financial fraud.
Individuals who believe they may have been affected by the breach are advised to monitor their financial statements for any suspicious activity and report any suspected identity theft to the appropriate authorities.
SafetyDetectives’ full report is available here.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.