{
	"id": "a54be6f3-c5d3-4814-a416-8bd92d2d8ee5",
	"created_at": "2026-04-06T00:09:36.016325Z",
	"updated_at": "2026-04-10T03:36:01.606548Z",
	"deleted_at": null,
	"sha1_hash": "4f0e092c739b71566c6d9ee733efd0af698cc66f",
	"title": "National Civil Service Commission of Colombia Data Breach Exposes 2.9 TB of Government Files",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 53678,
	"plain_text": "National Civil Service Commission of Colombia Data Breach\r\nExposes 2.9 TB of Government Files\r\nPublished: 2025-11-11 · Archived: 2026-04-05 14:27:24 UTC\r\nThe National Civil Service Commission of Colombia data breach has exposed nearly 3 terabytes of government\r\nfiles following a cyberattack claimed by the Kazu ransomware group. The attackers listed the Comisión Nacional\r\ndel Servicio Civil (CNSC) on their dark web leak portal, demanding a $300,000 ransom to prevent the disclosure\r\nof stolen data. The breach represents one of the largest confirmed government data exfiltrations in Latin America\r\nthis year, with over 9 million files allegedly compromised.\r\nBackground of the Breach\r\nThe National Civil Service Commission of Colombia (CNSC) is a critical government body responsible for\r\noverseeing recruitment, selection, and employment management for public sector workers across the country. Its\r\nmission ensures that hiring processes remain transparent and merit-based for civil service positions throughout\r\nColombia. The organization’s official portal, https://cnsc.gov.co/, provides information on job openings,\r\napplication procedures, and regulations governing public service employment.\r\nAccording to the dark web listing, the Kazu threat group claimed to have successfully infiltrated CNSC’s network\r\nand exfiltrated 2.9 terabytes of sensitive data. The files reportedly contain internal communications, employee\r\ndatabases, application records, and government correspondence. The ransom note posted alongside the listing\r\ndemanded $300,000 in exchange for deleting the stolen data, with a public disclosure deadline set for November\r\n26, 2025.\r\nAbout the Kazu Threat Group\r\nKazu is a relatively new but active cybercrime group that has surfaced on dark web marketplaces and leak sites\r\nsince mid-2025. 
The group is known for targeting government and educational institutions in Latin America,\r\nEurope, and Asia. Kazu’s tactics resemble those of other double-extortion ransomware operators, where both data\r\nencryption and exfiltration are used to maximize leverage against victims. The group’s leak portal lists multiple\r\nongoing ransom cases, with each victim assigned an expiration timer for ransom payment before public exposure.\r\nIn the case of CNSC, Kazu did not immediately publish evidence packs, suggesting negotiations or a delayed leak\r\nschedule. However, metadata from the listing confirms the presence of compressed archives totaling 2.9 TB and\r\nover 9.2 million records. This makes it one of the largest government data exfiltration incidents in Colombia’s\r\nhistory.\r\nhttps://botcrawl.com/national-civil-service-commission-of-colombia-data-breach/\r\nPage 1 of 4\n\nScope of Exposed Data\r\nBased on the information shared by the attackers, the National Civil Service Commission of Colombia data\r\nbreach may have compromised:\r\nEmployee and applicant personal records, including identification numbers, emails, and addresses\r\nInternal documents and correspondence between CNSC departments\r\nGovernment application forms and recruitment test results\r\nFinancial records, payroll data, and contracts with civil service agencies\r\nSystem logs and configuration files from internal networks\r\nThe potential exposure of personal and governmental data could have serious implications for Colombia’s public\r\nsector. Sensitive information such as ID numbers and job application histories can be exploited in identity theft,\r\nphishing, or political espionage campaigns. 
Moreover, the leak of internal procedures and recruitment materials\r\ncould undermine public trust in the integrity of government hiring systems.\r\nImpact on the Colombian Government\r\nThe incident raises major concerns for national data protection, as CNSC manages recruitment for thousands of\r\ngovernment roles. If confirmed, the breach would represent a significant compromise of national personnel data.\r\nPublic sector employees could face increased cyber risks, including credential-based attacks or targeted social\r\nengineering campaigns aimed at government departments.\r\nIn recent years, Latin American public institutions have become prime targets for ransomware groups due to a\r\ncombination of valuable data, limited cybersecurity budgets, and the critical nature of public services. Similar\r\nlarge-scale attacks have previously targeted government agencies in Chile, Argentina, and Mexico, causing\r\nwidespread operational disruptions and forcing major data restoration efforts.\r\nTechnical Aspects and Attack Vector\r\nThe method used by Kazu to infiltrate CNSC remains unknown, but the group commonly exploits weak remote\r\ndesktop configurations, unpatched software vulnerabilities, and credential reuse across government systems.\r\nAnalysts believe the group used phishing or stolen credentials to gain initial access, followed by lateral movement\r\nand data exfiltration over encrypted channels. 
The stolen files were reportedly compressed into multiple encrypted\r\narchives before being uploaded to private servers controlled by the attackers.\r\nThe leak page listed both the ransom demand and publication timer, a standard feature of Kazu’s extortion model.\r\nThe 14-day countdown from the initial listing places the expected data release date on November 26, 2025, if no\r\npayment is made.\r\nComparative Context and Global Parallels\r\nThis breach bears resemblance to other high-profile ransomware attacks against government entities that\r\ncombined data theft with extortion. It mirrors aspects of the Knownsec data breach and other international cases\r\nwhere stolen state data was used to pressure national authorities. Like those events, the CNSC attack demonstrates\r\nhow cybercriminals increasingly target administrative systems managing civil infrastructure rather than focusing\r\nsolely on commercial or financial sectors.\r\nThe size of the breach (nearly 3 terabytes) suggests full system infiltration, rather than selective data theft. 
The\r\nstolen information likely includes records that could be cross-referenced with national ID databases and tax\r\nrecords, amplifying privacy risks for millions of Colombian citizens.\r\nMitigation Strategies and Immediate Actions\r\nFor the National Civil Service Commission of Colombia\r\nImmediately disconnect affected servers and secure all endpoints to prevent further data exfiltration.\r\nInitiate a full forensic investigation to determine the entry vector, data scope, and systems impacted.\r\nNotify affected individuals and employees in accordance with Colombia’s data protection laws.\r\nEngage with national cybersecurity authorities (ColCERT) and law enforcement agencies to coordinate\r\nincident response.\r\nReset all credentials and implement multi-factor authentication across all CNSC systems.\r\nReview and strengthen network monitoring and backup policies to ensure resilience against similar attacks.\r\nFor Colombian Citizens and Public Sector Employees\r\nBe cautious of phishing messages impersonating CNSC or other government agencies.\r\nMonitor personal accounts for unusual login attempts or identity misuse.\r\nUpdate passwords for any government or recruitment-related accounts.\r\nEnable multi-factor authentication and regularly review security settings.\r\nRun system scans using a trusted anti-malware solution such as Malwarebytes to detect possible infections.\r\nWider Implications for Latin America\r\nThe Kazu ransomware group’s focus on Latin American targets highlights growing cybercrime activity in the\r\nregion. Government entities managing public databases have increasingly become entry points for cybercriminals\r\ndue to outdated IT infrastructure and inconsistent data protection practices. 
As ransomware operations evolve,\r\ncooperation among Latin American cybersecurity agencies will be vital to strengthen defenses and improve early-warning systems for public sector networks.\r\nFor Colombia, the breach may trigger increased scrutiny of data security practices and legal reforms aimed at\r\nstrengthening digital sovereignty. Similar to European data protection frameworks, Colombia may consider\r\nenhanced oversight mechanisms for government data storage and third-party software contracts.\r\nData Breach Summary\r\nOrganization: National Civil Service Commission of Colombia (CNSC)\r\nLocation: Colombia\r\nThreat Actor: Kazu ransomware group\r\nRansom Demand: $300,000\r\nData Volume: 2.9 TB (9,252,093 files)\r\nSector: Government\r\nAttack Type: Ransomware and data exfiltration\r\nStatus: Ongoing, data pending release\r\nThe National Civil Service Commission of Colombia data breach is a significant event in Latin America’s\r\ncybersecurity landscape. The exposure of massive government records could have long-lasting implications for\r\nnational data governance and citizen privacy. Strengthening digital infrastructure, improving access controls, and\r\nenhancing cross-agency threat intelligence will be crucial for preventing similar incidents in the future.\r\nFor verified coverage of major data breaches and the latest cybersecurity threats, visit Botcrawl for ongoing\r\nupdates and expert analysis on global digital security events.\r\nSource: https://botcrawl.com/national-civil-service-commission-of-colombia-data-breach/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://botcrawl.com/national-civil-service-commission-of-colombia-data-breach/"
	],
	"report_names": [
		"national-civil-service-commission-of-colombia-data-breach"
	],
	"threat_actors": [
		{
			"id": "d3a027b4-6a97-44c9-8caf-f3a62241ceba",
			"created_at": "2026-01-23T02:00:03.297223Z",
			"updated_at": "2026-04-10T02:00:03.935556Z",
			"deleted_at": null,
			"main_name": "Kazu",
			"aliases": [],
			"source_name": "MISPGALAXY:Kazu",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434176,
	"ts_updated_at": 1775792161,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4f0e092c739b71566c6d9ee733efd0af698cc66f.pdf",
		"text": "https://archive.orkl.eu/4f0e092c739b71566c6d9ee733efd0af698cc66f.txt",
		"img": "https://archive.orkl.eu/4f0e092c739b71566c6d9ee733efd0af698cc66f.jpg"
	}
}