Buró de Crédito data breach remains unconfirmed despite a vendor on Telegram claiming to sell data from the Mexican credit information bureau.
The credit agency refuted the claims of the data breach. However, FalconFeedsio tweeted that its analysts have found a reputable vendor on Telegram posting the breached data.
The threat intelligence company also shared the following image that claimed to have dumped “all financial information” post the alleged Buro de Credito data breach.
Details about the alleged Buro de Credito data breach
The post about the Buri de Credito data breach mentioned the website URL www.burodecredito.com.mx, which was accessible at the time of writing.
The Telegram post featured a data dump of size 352.1MB from the alleged Buri de Credito data breach.
No further information is available about a denied ransom demand, the overall size of breached data, personal or financial information with the hackers, or the group involved in the said cyberattack.
A translated Spanish report by MiBolsillo Mexico urged users to check their special credit report following the yet-to-be-confirmed Buri de Credito data breach.
An earlier incident of Buri de Credito data leak
A daily newspaper El Economista report dated March 6, 2023, read that Buró de Crédito confirmed it did not suffer a cyberattack when asked to comment on it.
“The investigation by independent experts, which is ongoing, allows us to conclude that there is no evidence that the information security infrastructure historically, and in particular, from 2016 to date, has been violated,” Wolfgang Erhardt Varela, a spokesperson for the credit bureau told the news organization.
Wolfgang further clarified that there was no evidence to conclude that a hacking incident occurred.
A security breach and data leak from the credit bureau was known to the National Banking and Securities Commission (CNBV) since December 19, 2022, the report stated.
Personal and financial data was sold however, CNBV did not ask the credit bureau to notify the same to the impacted individuals because it is not governed by Inai, Mexico’s privacy agency.
However, it may impose fines and sanctions and disqualify the executive heads of Buro de Credito with the Ministry of Finance revoking its license under specific circumstances.
Alleged data from the Buro de Credito data breach was up on sale on ‘social networks’ as was found by the credit bureau on February 2.
When asked about the data exfiltrated from the security incident, the company spokesperson told El Economista, “….data that coincides with those that we administered in 2016 and that would have been improperly obtained.”
The Spanish daily newspaper noted that Buró de Crédito had personal and financial data stolen and put on sale after one or more hackers gained unauthorized access to its databases.
The Buro de Credito cyberattack was confirmed by its National Banking and Securities Commission (CNBV).
The investigation into this Buro de Credito data breach by the CNBV concluded on March 3.