{
	"id": "604c13c0-66ba-4a26-953a-38890b66d76e",
	"created_at": "2026-04-06T00:21:04.948435Z",
	"updated_at": "2026-04-10T13:13:04.434867Z",
	"deleted_at": null,
	"sha1_hash": "8a79ce472d113d0999365582b34f8ea0994edb08",
	"title": "El Salvador suffered a massive leak of biometric data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 832349,
	"plain_text": "El Salvador suffered a massive leak of biometric data\r\nBy Pierluigi Paganini\r\nPublished: 2024-05-06 · Archived: 2026-04-05 16:32:44 UTC\r\nResecurity found a massive leak involving the exposure of personally identifiable\r\ninformation (PII) of over five million citizens of El Salvador on the Dark Web.\r\nResecurity identified a massive leak of the personally identifiable information (PII) of over five million citizens\r\nfrom El Salvador on the Dark Web, impacting more than 80% of the country’s population.\r\nThe threat actor, going by the alias ‘CiberinteligenciaSV,’ posted the 144 GB data dump to Breach Forums,\r\nwriting that the leak included 5,129,518 high-definition photos, each labeled with the corresponding Salvadorian’s\r\ndocument identification (DUI) number. Resecurity assesses that the real intellectual authors of this breach appear\r\nto have an interest in obscuring their involvement, using the background specter of the Guacamaya group and its\r\nunofficial proxies to form a cloud of uncertainty surrounding the real threat actors and attack chain that caused the\r\ndata leak.\r\nThe data dump includes the following fields:\r\n– ID\r\n– Identification document (DUI)\r\n– Names/Last names\r\n– Date of birth\r\n– Telephone\r\n– Email\r\n– Address\r\n– Photo of the victim\r\nUltimately, this data leak is significant because it marks one of the first instances in cybercrime history where\r\nvirtually the entire population of a country has been affected by a compromise of biometric data. 
A Federal Trade\r\nCommission advisory published last year states, “Biometric information refers to data that depict or describe\r\nphysical, biological, or behavioral traits, characteristics, or measurements of or relating to an identified or\r\nidentifiable person’s body.”\r\nBeyond the massive scale of Salvadorian PII records, threat actors also obtained a headshot of each victim, which\r\nrepresents a crucial biometric data marker – particularly in the golden age of generative AI. Notably, the vast scale\r\nof this biometric and PII data breach places most of El Salvador’s population at significant risk for identity theft\r\nand fraud. Armed with modern deep fake technology, threat actors can leverage victim headshots and related PII\r\nto stage more convincing frauds across a broad universe of digital-first financial, merchant, and government\r\nportals.\r\nThe detailed report is available here:\r\nhttps://www.resecurity.com/blog/article/massive-dump-of-hacked-salvadorean-headshots-and-pii-highlights-growing-threat-actor-interest-in-biometric-data\r\nPierluigi Paganini\r\n(SecurityAffairs – hacking, El Salvador)\r\nSource: https://securityaffairs.com/162790/data-breach/el-salvador-massive-leak-biometric-data.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://securityaffairs.com/162790/data-breach/el-salvador-massive-leak-biometric-data.html"
	],
	"report_names": [
		"el-salvador-massive-leak-biometric-data.html"
	],
	"threat_actors": [
		{
			"id": "ae7c5e09-a79b-4dae-8ed3-f288b8d99810",
			"created_at": "2023-11-08T02:00:07.110982Z",
			"updated_at": "2026-04-10T02:00:03.416181Z",
			"deleted_at": null,
			"main_name": "Guacamaya",
			"aliases": [],
			"source_name": "MISPGALAXY:Guacamaya",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "049031c3-b9d7-4a08-b5f8-55120ee7389d",
			"created_at": "2024-05-23T02:00:03.980245Z",
			"updated_at": "2026-04-10T02:00:03.640143Z",
			"deleted_at": null,
			"main_name": "CiberInteligenciaSV",
			"aliases": [],
			"source_name": "MISPGALAXY:CiberInteligenciaSV",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434864,
	"ts_updated_at": 1775826784,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8a79ce472d113d0999365582b34f8ea0994edb08.pdf",
		"text": "https://archive.orkl.eu/8a79ce472d113d0999365582b34f8ea0994edb08.txt",
		"img": "https://archive.orkl.eu/8a79ce472d113d0999365582b34f8ea0994edb08.jpg"
	}
}