Hacker claims breach at Colombia's Tax Authority DIAN, alleges theft 18 million records
Learn More
The Dirección de Impuestos y Aduanas Nacionales (DIAN), Colombia's national tax and customs authority, has reportedly experienced a data breach on March 4, 2026.
A hacker operating under the alias ArcRaidersPlayer claims responsibility for allegedly compromising the agency's appointment scheduling platform. Initial reports suggest the breach allegedly stems from a known, unpatched vulnerability in the scheduling software developed by the third-party vendor Cielingenieria.
The hacker claims the stolen data comprises 18 million records stored in a 16GB SQLite database. This database is offered for sale on cybercrime forums for approximately $2,000 USD. Both information is very weird - a SQLite database of that size is not very probable, and the amount is trivial for such a large number of stolen records.
The hacker claims the stolen data includes:
- Full names
- Identification types and numbers
- Email addresses
- Mobile phone numbers
- Information on foreign citizens and companies
DIAN has yet to release an official statement regarding the breach. The incident reportedly targets the agendamiento.dian.gov.co subdomain, which citizens use to book in-person services at DIAN offices.
