Timeline: 2020 Hacks in Mexico

March 23, 2021

2020 was a year like no other, a year that broke with normality and with all the routine that was carried out before his arrival. But, the crime never stopped and this time it came very strong, leaving us cases of shocking hacks in Mexican institutions and leaving large amounts of valuable data on the air, in order to use it illegally.

The latest reports, the result of investigations by experts in the field, report 12 cases that give much to think about to act with greater weight in the future.

In this article, a chronological review of cyberattacks and security incidents that affected public and private institutions is made, endangering the personal information of Mexican citizens.

With this text, it is also expected that all organizations will take new measures in their cybersecurity plan to better react in case of future attacks.

1. Condusef, SAT and Banxico: a coordinated attack

In the week between July 5 and 11, the National Commission for the Protection and Defense of Users of Financial Services (Condusef), the Bank of Mexico (Banxico) and the Tax Administration System (SAT) suffered damages in their respective internet pages. The most affected was the Condusef, whose portal was completely intervened for several hours by cyber attackers.

During that week, the defacement was a nightmare for those three main public institutions responsible for regulating and supervising the Mexican financial system.

2. Public function and patrimonial declarations

Between May and June 2020, the Ministry of Public Administration suffered a security incident that exposed the assets of 830,000 public officials. The violated information contained the tax identification (RFC) and population registration (CURP) keys, as well as the sex of the officials affected.

Due to this incident, the INAI, the Mexican data protection authority, ruled in November that the Public Function had failed to protect the confidentiality and security of the data, in addition to violating various principles established in the Mexican personal data law.

3. Violation of personal data in the Institute of Social Security and Services for State Workers (ISSSTE)

Sensitive data of at least 551 ISSSTE policyholders were exposed on the internet without any type of protection for a period that remains undetermined. The first links to these ISSSTE patient procedure reports appeared on the major internet search engines (Google, Bing and Yahoo) in April 2020, and the last ones remained available well into the second half of the year.

The data revealed in these reports included the full name, sex and age of the patients, and sensitive data, such as the diagnosis each one received and the surgical procedure they underwent; in addition to personal data of the doctors in charge of these patients.

4. Extortion to the National Insurance and Bail Commission

The National Insurance and Bonding Commission suffered an announced attack. First, the access codes to the CNSF network are auctioned in a forum of the dark web (dark web, by its name in English) and after a few days (less than three) the institution denounced that it had been the victim of an incident of cybersecurity that had affected its "operational continuity."

The Lockbit ransomware was used to carry out the attack, hijacking the information from the institution's computers and, after seeing that they would not receive a ransom payment for it, they threatened to make it public after a certain period of time.

5. Yo Te Presto’ clients affected

Unauthorized access to the company's systems exposed the emails of all 1.4 million fintech clients "I lend you".

Luis Rubén Chávez, director of this collective financing company, said that the violation did not affect the personal information of its users, because only their email had been disseminated, and that they had not suffered financial damage to their accounts within the institution. .

The executive said that the company communicated both its clients and financial authorities once it had examined the attack.

6. A wrong setting of Gentera

In July it was revealed that two servers of Gentera, a Mexican financial holding company that owns companies such as Compartamos Banco, Compartamos Financiera, Compartamos SA, Yastás, Aterna and Fiinlab, were open without any protection on the internet.

140,000 bank customer records, which included user account names, full names, emails, gender, date of birth, CURP, RFC, address and phone, were hosted on these two servers.

Gentera assured that the data were false samples or dummies that had been used by its financial research laboratory Fiinlab and that the information of her clients had not been compromised.

7. Malicious software in CI Banco's systems

In August, the CI Banco’s financial institution was the victim of an attempted cyberattack that, according to the bank's own executives, it managed to control. However, alleged operators of the ReVil ransomware announced that they would make public the information that they claimed had been extracted from the bank's systems and that included identification data of legal entities, credit bureau reports and analysis of industrial sectors if the institution is not informed. put in contact with them.

In the end, the bank managers said that there was no communication between the financial institution and the attackers, so CI Banco was not sure that the information disclosed was authentic.

8. Banco Base: failures and intermittences, due to a cyber attack

In November, the financial group Banco Base through a statement revealed that it had been the target of a cyber attack that it managed to control. However, its users had complained about failures and intermittences in the institution's service for several days.

Even after the bank disclosed that it had isolated the two servers where it had discovered the problem, its customers continued to report that the systems continued to fail.

The institution announced that its services would be reactivated gradually and that it was in contact with the authorities to carry out a thorough investigation and establish responsibilities.

9. Information from 4.7 million Clip customers

At the end of October, the data of 4.7 million users of the fintech Clip was put up for sale in an online forum. The data included email and phone number of its users and information that is requested when a person pays through the terminal created by this fintech company in order to receive a receipt.

Subsequently, the company replied that the exposed data did not contain financial information of its clients or users and that it would continue to work with the corresponding authorities.

10. Data of complaints and reports of the ADIP, violated

The Digital Agency for Public Innovation of Mexico City (ADIP), an entity created by Claudia Sheinbaum's administration, also suffered a security incident that exposed information related to complaints and reports that had been raised within its Unified Attention System Ciudadana (SUAC), a digital system that concentrates citizens' communications with the central government and municipalities.

At the time, the agency assured that the incident had not been about a data exposure, because the information had not been disseminated, despite the fact that it had been available through various addresses easily accessible from the Google search engine.

11. iVoy: data of 147,000 clients, available to anyone

In August, the security news site Bleeping Computer revealed that a database with information from clients of the Mexican logistics startup iVoy was offered in an online forum.

The emails and passwords of 147,000 direct clients of the company were available to anyone who wanted to download the information of this Mexican courier company with almost 10 years in the market.

According to the company, it notified its clients of the incident and recommended that they change their password to access the platform.

12. A hack haunts Bitso

Bitso, the largest exchange in Latin America, which has just raised an investment of more than 60 million dollars, saw how three databases with emails, account balances and telephone numbers of 17,946 of its users were sold in an internet forum along with information from other cryptocurrency exchange platforms.

According to the company, the databases offered had been extracted from the platform in an incident that occurred in 2016, which was dealt with at that time, so the financial security of its clients had not been affected.


THETA432 expresses its concern over these attacks on these large institutions. For this reason, we offer our most advanced detection, analysis and destruction services to guarantee the best protection for your databases and networks.

We have the most innovative services in cybersecurity such as R.E.D. We assure you that we’re your Cybersecurity top choice. Ask for a demo!


  • Riquelme. R. (2021, January 02). 2020, en 12 hackeos o incidentes de seguridad en México. Retrieved from: https://www.eleconomista.com.mx/tecnologia/2020-en-12-hackeos-o-incidentes-de-seguridad-en-Mexico-20210102-0007.html

Authored by
Jorge Daniel Tejeda