Old Records with NIDs Resurface – 42 Million Mexico Residents Hit

The wave of data breaches is on the rise as hackers are highly motivated to steal sensitive data for financial gains. This is compounded by the fact that personal information is a highly valued data. 

Recently, the Research Team at Cyble found a post on one of the cybercrime forums in which the threat actor claimed to be in possession of 42 million records of residents of Mexico along with their National Identification Numbers (NIDs). 

Below is an image of the post from the forum. The threat actor has also shared a sample to display the authenticity of the data. 

The dataset is about 6.14GB in size, containing 128 .mdb files in total.  The files are dated between 2009 to 2011, as shown in the screenshot below. 

Below is a screenshot of extracts from one of the files. It contains NIDs, identified as CURP in Mexico. CURP is a Unique Population Registry Code for citizens and residents of Mexico, and each CURP is a unique alphanumeric 18-character string. 

Cyble researchers also found a blog on another forum with the same database for sale. We suspect that threat actors acquire such data from multiple sources and share it on cybercrime forums to build a reputation for their profiles. 


Description automatically generated

Cyble has been reporting these types of breaches to spread awareness of the risks associated with using online services. Recently, during our routine Dark web monitoring, we came across a post in the cybercrime market in which a threat actor claimed to be in possession of more than 220k+ unique records of Jammu and Kashmir residents. The rising number of such data leaks not only reaffirms the need for updated cybersecurity measures but also underlines the importance of handling sensitive consumer data responsibly. 

Data leaks such as these can foster criminal activities and play a pivotal role in various malpractices such as phishing attacks, credential stuffing, financial fraud, and social engineering campaigns. 

We recommend people to: 

  • Never share personal information, including financial information over the phone, email, or SMSes.  
  • Use strong passwords and enforce multi-factor authentication wherever possible.  
  • Regularly monitor your financial transactions, and if you notice any suspicious activity, contact your bank immediately.  
  • Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.  
  • Use a reputed anti-virus and Internet security software package on your connected devices, including PC, laptop, and mobile.  
  • People who are concerned about their exposure in the Darkweb can register at AmiBreached.com to ascertain their exposure.  
  • Refrain from opening untrusted links and email attachments without verifying their authenticity.   

About Cyble 

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com

Scroll to Top