Mexican journalists' data exposed in government server leak
Take action: This incident is a great lesson learned in timely offboarding of user accounts as well as shutting down legacy systems - because nobody takes care of them.
Learn More
The personal details of at least 324 journalists registered with the Mexican presidency's office were inadvertently disclosed online. This breach, primarily affecting journalists who cover President Andrés Manuel López Obrador's daily live broadcasts, has sparked widespread concern and calls for a swift and thorough investigation by authorities, including the Committee to Protect Journalists (CPJ).
The compromised information includes:
- journalists' full names,
- CURP codes (an ID number akin to a social security number)
- copies of personal identification documents.
During a press conference on January 29, President Obrador acknowledged the breach and confirmed that an investigation was underway. Government officials have traced the source of the leak to an inactive government website, which was accessed using the credentials of a former employee through an IP address located in Spain.
In response to this incident, the National Institute for Access to Information and Protection of Personal Data (INAI), a federal agency tasked with safeguarding personal data, announced on January 28 that it had initiated an inquiry into the matter. However, the effectiveness of the communication surrounding the breach has been questioned, as affected individuals like freelance investigative reporter Rodolfo Montes reported only being notified about the leak after it had gained significant media attention.
