In a post published on a dark web forum, a threat actor claimed responsibility for a data breach involving the Yucatán government’s transportation website.
According to the threat actors, the data leak reportedly includes sensitive information from the platform’s vehículos, conductores y empresas (vehicles, drivers, and companies) section. The leaked sample allegedly contains personal records such as names, last names, license numbers, phone numbers, home addresses, CURP (a national identity code), geographic coordinates, and employment details.
A sample shared by the threat actors allegedly contains the following data fields:
- Name
- Last name
- License number
- Phone
- Address
- Status
- Created at
- Created by
- Updated by
- Updated at
- Employee number
- License validity
- CURP (Unique Population Registry Code)
- Latitude
- Longitude
- Is active
While the authenticity of the leaked data has not been independently verified, the group has allegedly shared proof-of-access through a sample dataset.
