Gone are the days when data breaches were only a concern for countries in the developed world. In today’s increasingly connected and fast-growing digital economy, cybercriminals have shifted their attention south to Latin America (LATAM), where they can more easily steal valuable data from unsuspecting users unaware of the risks associated with online activities.
With the recent surge in digital transformation via cloud deployments, organizations in Latin America are increasingly exposed to cyber risks. Last year, data breaches hit many businesses in LATAM countries such as Chile, Mexico, and Colombia. These security incidents were exacerbated by reliance on legacy systems and inadequate training for IT personnel. This blog post explores the top three LATAM countries affected by data breaches last year and the impact, outlining each breach, the time it took to discover it, and the aftermath.
LATAM Countries Affected by Data Breaches in 2022
The Latin American region was one of the areas hardest hit by data breaches in 2022. The three countries that reported the most significant breaches were Chile, Mexico, and Colombia. The region was particularly vulnerable due to its frequently outdated and inadequate cybersecurity measures. The severity of the incidents ranged from stolen personal information to significant financial losses, leading to extensive reputational and economic damage in the region.
An analysis by external cybersecurity firms pointed to a common link between the three countries: outdated security systems. Most of these systems used antiquated technologies and tools, making them ill-equipped to fight cybercriminals quickly and efficiently. The top three LATAM data breaches in 2022 included:
In August 2022, Chile’s Ministry of Interior reported that a massive data breach had been detected, targeting Windows and VMware ESXi servers. The malicious actors behind the attack used a piece of ransomware to encrypt files on these systems, renaming them with the extension .crypt.
The Ministry reported the details of the breach on August 25th, 2022. According to the report, some indicators of compromise were made public, and it is believed that the incident involved a relatively new form of ransomware called RedAlert (also known as N13V). RedAlert uses double extortion: it encrypts the victim’s files and threatens to leak data stolen from the victim’s systems unless a ransom is paid.
The hackers left ransom notes on the infected machines and threatened to leak stolen data if a ransom wasn’t paid. The Chilean government immediately took measures to contain the breach and investigate the attack’s origin. They also alerted other state organizations and private companies to the incident and provided guidance on how to mitigate similar threats. Furthermore, they recommended that all organizations in Chile apply preventive measures such as using a properly configured firewall and antivirus tools.
On September 30th, 2022, Mexico’s Defense Ministry was targeted by a major hack. This breach exposed data about the President of Mexico, Andres Manuel Lopez Obrador, including his medical records.
The hack also revealed numerous confidential details about the Mexican armed forces and other government entities, including data regarding military operations, monitoring of journalists and activists, as well as evidence of corrupt activities between authorities and criminal groups.
This breach caused alarm in the country and internationally, demonstrating an urgent need for improved security measures in Mexico. The attack came on the heels of other cyberattacks targeting the Mexican public sector. As a result of this breach, the Mexican government has enacted more stringent security measures and laws to protect critical infrastructure and data.
It is not clear when the data breach at the Mexican Defense Ministry happened. However, local media reported in October 2022 that the group known as Guacamaya had hacked the Ministry’s systems. The group had previously claimed responsibility for hacks in Peru, El Salvador, Chile, and Colombia. The group is believed to have accessed up to six terabytes of data in the security breach.
Apart from confirming the hack, the Defense Ministry has not shared any other details, including the possible risks caused by the breach. It is unclear how the group accessed such a large amount of data or if any actions have been taken to mitigate future security risks.
Incidents of data breaches have been rising in Colombia over the past few years, and 2022 was no exception. In December 2022, a large-scale data breach occurred that exposed the Colombian healthcare system. At the center of the breach was Keralty, a multinational healthcare organization.
The breach was caused by RansomHouse ransomware, which disrupted the websites and operations of Keralty and its subsidiaries. The attack compromised the data of thousands of users and exposed confidential information such as names, addresses, social security numbers, medical records, and other sensitive data.
The breach resulted in increased patient wait lines due to failed scheduling systems across several hospitals. This caused a significant strain on the healthcare system and its patients, with many unable to access care or receive medical attention. The Keralty Group has since taken significant steps to strengthen its cybersecurity systems, such as investing in advanced software security and hiring trained personnel. This attack serves as a reminder.
The attack occurred on Sunday, November 27th, and was initially suspected to be caused by the RansomHouse group of threat actors. The group later confirmed their involvement and claimed they had stolen 3TB of data. Keralty Group released a statement on December 1st, 2022 condemning the attack and informing the public that they were taking measures to protect their systems.
Since the breach, the company has not issued a follow-up update to give more details on the scope of the attack, the data that was compromised, or any steps taken to mitigate any potential risks.
In today’s world, data breaches are a growing concern for LATAM countries. Secure source code and application security can help protect organizations from becoming victims of data theft. In addition, programming-language-agnostic security solutions and continuous monitoring are essential for detecting malicious activity.
Organizations are turning to Kiuwan as the best solution to guard against these threats. We have created products like Code Security [SAST] and Software Composition Analysis [SCA] to aid organizations in their fight against data breaches. With these tools, organizations in LATAM can stay informed on the latest vulnerabilities and have peace of mind knowing their app is secure.
With data breaches on the rise in LATAM countries, businesses must protect themselves with reliable solutions such as Kiuwan. To read more about this in depth, check out our eBook: Software Security Report in LATAM.
Contact us today to learn more about how Kiuwan can protect your business from data breaches.