A massive data breach has sent shockwaves through Paraguay, with personal information belonging to an estimated 7.4 million citizens, virtually the entire population, reportedly leaked onto the dark web. Cybersecurity experts have traced the devastating incident back to the insidious work of infostealer malware, highlighting a critical vulnerability in the nation’s digital infrastructure.
The breach, attributed to a group identified as “Brigada Cyber PMC,” saw sensitive data, including names, ID card numbers, dates of birth, professions, and marital statuses, exfiltrated from multiple government systems. Security firms Resecurity and Hudson Rock have indicated that the initial compromise was likely facilitated by infostealer malware infecting a government employee’s device, specifically impacting systems within the National Agency for Transit and Road Safety and the Ministry of Public Health and Social Welfare.
Initially, Brigada Cyber PMC demanded a hefty ransom of $7.4 million, equivalent to $1 per citizen, threatening to publish the data if their demands were not met by June 13, 2025. When the Paraguayan government reportedly refused to pay, the threat actors made good on their promise, dumping the colossal dataset on underground forums and via torrent files, a tactic previously employed by notorious ransomware gangs.
This incident underscores the escalating threat posed by infostealers, which silently infiltrate systems to harvest credentials, cookies, and other sensitive information. Experts warn that these sophisticated malware strains are increasingly targeting government and healthcare sectors across Latin America, with Paraguay’s rapid digitization making it a prime target. The compromised credentials, in this case, provided a backdoor into critical government systems, leading to an unprecedented data loss.
The fallout from this breach is expected to be severe. With such a vast amount of personal data now freely circulating, Paraguayan citizens face an elevated risk of identity theft, financial fraud, and targeted phishing campaigns. The leaked data could also be cross-referenced with other databases to create detailed profiles for various illicit activities.
While the Paraguayan government has yet to officially confirm the full legitimacy of all leaked data, it has announced plans to develop a comprehensive National Cybersecurity Strategy aimed at better protecting citizens’ data and rights.
However, cybersecurity experts emphasize that the widespread dissemination of the data through torrents makes containment an almost insurmountable challenge. This breach serves as a stark warning to governments worldwide about the persistent and evolving threat of infostealers and the critical need for robust cybersecurity defenses.
