According to VECERT, data from President Javier Milei appears among the information exposed.
At the end of May, a gang that sold stolen RENAPER data to commit scams was brought down.
The cybersecurity firm VECERT Analyzer warned this June 2 about an alleged hacker who would be selling a system that would give access to personal data of Argentine citizens stored in the National Registry of Persons (RENAPER), the state organization that centralizes the identity of the entire population of the country.
The fact illustrates one of the structural risks that Bitcoin technology was designed to avoid: when a person’s personal data or assets depend on a central custodian (a State, a company, a registry), A single failure in that custodian exposes all those who depend on him, without the individual having control or resources to avoid that problem.
According to the VECERT Analyzer reportthe cyber attacker was identified as ‘LaPampaLeaks’ and offers access to address history, family ties and cell phone numbers.
The firm’s statement also mentions that among the information allegedly compromised data from president Javier Milei appearsdeputy Lilia Lemoine, officials from the State Intelligence Secretariat (SIDE) and former president Cristina Kirchner. However, VECERT classifies the status of the alert as “not confirmed” even though there is “visible evidence.”
Among this evidence, VECERT researchers shared a screenshot of the alleged text published on an internet forum by the attacker(s) in which they would be selling the API that allows access to the exposed information:
RENAPER and the Argentine government did not issue statements in this regard at the time of this publication. The local context, however, is not immune to this type of threats. According to local media reportsMay 28 The Argentine Federal Police dismantled a gang that sold personal data stolen from RENAPER and other public organizations through Telegram channels, using them for virtual scams, identity theft and emptying of accounts. Seven people were arrested in eleven simultaneous raids in different parts of the country.
The point of failure that Bitcoin seeks to eliminate
That a leak of RENAPER data enables specific attacks is not an accidental consequence. It is, in any case, the direct consequence of the centralized custody model.
With name, address, family ties and cell phone number of a person, an attacker can construct a credible hoax. For example, the phishing (technique by which an attacker impersonates a trusted person or institution using the victim’s real data to steal passwords, money or sensitive information) becomes more effective the more complete the profile available. The same information also facilitates targeted physical attacks.
Bitcoin operates on an opposite principle. The network does not require any organization to register the identity of its users or guard their assets. Each person controls their funds using their own cryptographic keys, without intermediaries and without a central registry that, if compromised, would expose millions simultaneously. Financial autonomy in Bitcoin does not depend on RENAPER, a bank or any other custodian protecting the user’s data: It depends exclusively on the user safeguarding their own password that proves to the network that he is the sole owner of those coins.
The debate about the vulnerability of centralized state registries is not new, but recurring episodes of data leaks from public organizations renew the question about what real guarantees the centralized custody of personal information offers and whether there are design alternatives that transfer that control to the individual.