A threat actor has allegedly leaked a database containing 19,200 records from the District Institute for Participation and Community Action (IDPAC), a key governmental body in Bogotá, Colombia. The data was posted on a dark web forum, with the actor claiming to have exfiltrated sensitive information belonging to citizens who have interacted with the agency. IDPAC is a vital public entity responsible for fostering, strengthening, and guaranteeing the right to citizen participation in the capital city, managing community action boards, and promoting democratic culture. The breach could potentially impact thousands of individuals involved in local governance and community initiatives.
The actor behind the incident advertised the data leak, providing samples and links to the full database. The compromised information allegedly includes a wide range of personally identifiable information (PII), which could be exploited for various malicious activities, including identity theft, phishing campaigns, and fraud. The exposure of such data from a government source is particularly concerning, as it can erode public trust and endanger the privacy of citizens engaged in civic processes.
The leaked data allegedly contains the following personal details:
- ID numbers
- Full names
- Dates of birth
- Physical addresses
- Email addresses
- Cell phone numbers
