VECERT emphasized that it is “one of the largest waves of leaks” in Latin America.
The region leads the adoption of digital assets, making it a target for phishing and theft.
Security firm VECERT Analyzer detected more than 385 public data breach incidents in Latin America during May 2026, with more than 512 million records compromised and more than 68 terabytes (TB) of data exposed in 11 countries in the region. The VECERT team called the period a “crisis” and describes it as “one of the largest waves of leaks” recorded in Latin America.
The incidents were detected on internet forums, leak channels, criminal markets and platforms used by threat actors specialized in selling access, citizen data, medical records and government systems, according to the report. According to VECERT Analyzer, more than 85 groups or individuals identified as attackers participated in that activity during the month.
The most affected sectors, according to the firm, were government and public sector, health and medical laboratories, banking and financial systems, education and telecommunications.
A reference to the magnitude of the leaks is that the 512 million compromised records are close to the total population of Latin America, estimated around 670 million people. The VECERT report does not clarify how many of these records correspond to unique people and how many come from overlapping databases between incidents.
The VECERT Analyzer team also points out a change in the pattern of criminal groups in the region: according to their analysis, they would no longer only seek immediate monetization but would be building massive repositories of digital identity, biometric data and medical information. for future fraud, extortion and espionage operations. However, the report does not detail the methodology with which it reached that conclusion.
Countries most affected, according to VECERT Analyzer
Mexico led the region’s leaks during May, with approximately 23.7TB of compromised dataaccording to a volume chart by country from the VECERT Analyzer report. They were followed by Chile (16.3 TB), Argentina (11.8 TB), Ecuador (6.4 TB) and Colombia (4.2 TB).
Among the notable incidents in Mexico are an Army biometric database with 52 million records and 700 GB of data, and a Banco del Bienestar leak with citizens’ financial information; In Argentina, the Ministry of Health and the financial software system Virsacsistemas appear among the cases pointed out by the firm.
Chile, Argentina and Ecuador also concentrated some of the incidents with the highest volume of registrations of the month: SERVEL Chile with 14.8 GB of data on May 1; DIGERCIC Ecuador with 8 GB of images on May 5; Italian Hospital in Argentina with 13 million patients on May 11; and the Ministry of Health of Argentina with 52 million records on May 14, according to the report.
Venezuela, for its part, recorded at least two incidents in the last week of the month, including data from the Army and the electoral system, according to VECERT Analyzer.
Leaks, phishing and digital asset holders
The volume of personal data in circulation in criminal forums has a direct consequence for holders of digital assets in the region.
A repository that combines name, identity document, bank details and telephone number (the type of information that appears in the leaks described by VECERT) is the basic input for two of the most frequent attack vectors against users of digital assets:he phishing and social engineering attacks.
Phishing in this context is the sending of false communications (emails, text messages or notifications that imitate exchanges, wallets or digital asset services). designed for the user to hand over their credentials or recovery phrases. The more verifiable personal data the message includes, the more difficult it is for the recipient to distinguish it from a legitimate communication.
Social engineering attacks go further: with a real name, phone number, and financial data, an attacker can impersonate the user to an exchange’s support or convince third parties to transfer funds.
Latin America also concentrates a relevant proportion of global digital asset adoption. Argentina and Venezuela, for example, are among the countries with the highest relative adoption of Chainalysis indices, driven in both cases by the search for coverage against the depreciation of their local currencies.
That combination of high adoption, high exposure of personal data and active criminal ecosystem expands the attack surface available to groups operating in the region.