However, it is not the first time that the body has been violated, according to foreign specialists, these are the times that the institute has suffered a leak:
2021: They sell two copies
The recent leak of the National Electoral Institute became The online sale of two copies of a database with 91 million data from the INE, it is known that for each one they paid 2,500 dollars. The database contains personal information such as date of birth, full names, address, sex and CURP of 91 million Mexicans and the seller assures that they are data updated to 2021.
YOU HAVE TO READ: CONFIRMED! The INE recognizes the sale of the register online
For his part the INE, accepted the leak and said that it could be information from 2018. However, investigating specialists confirmed that some of the the almost 100 thousand CURP published are true. Currently, the Electoral Center says that the INE investigates “possible sale of information from the Electoral Register” and you can know the research postulates on its official page, in this link.
2018: For sale on marketplace and other platforms a nominal list
In September 2018, a Twitter user denounced that a database of voters registered with the INE was for sale in the Mercado Libre, which was confirmed by the then head of Fepade, Héctor Díaz Santana. Then, in October of that year, the INE said through a statement that the Institute filed a complaint against whoever is responsible.
DO NOT STOP READING: SOLD OUT! Two copies of the Electoral Roll were bought on the black market
In the statement, the INE pointed out that to prevent the dissemination and violation of the personal data contained, the Cyber Police was notified to eliminate the content that was sold through Mercado Libre. “The characteristics and date of the database were verified, which coincide with those of the Nominal List of Voters as of January 15, 2015. In addition, it was possible to confirm the existence of identification marks that will allow to know the origin of the copy that was offered “, it is stated in the statement.
2016: Database with free access
In April 2016, Chris Vickery, a security researcher for MacKeeper, used Shodan, a search engine for devices and servers connected to the internet, to review various files that presented a MongoDB configuration error within Amazon Web Services.
The result was that Vickery found among the files, a document called “padron2015”, which contained a 132 GB database, with the personal information of 93.4 million Mexicans.
The data of the citizens exposed in the file were: Elector Code, National Folio, full name, date and place of birth, sex, occupation, full address, time of residence, entity, district, municipality, section, locality, number of issuance of credential and date of registration in the register. Only the photographs of the voters were not in the leaked database.
In conclusion, this event was not considered a hack, rather, it was all due to a negligence in the treatment of data. Thus, whoever had the link could freely access and download the database, without passwords and without any type of protection. The file was available in the cloud for more than half a year and because part of Access information is restricted and must be released by Amazon, it is not known with certainty how many people entered the file or downloaded it.
Finally, this incident added to the exposure of the voter registry on the searchdatos.com page in 2013 and The political party Movimiento Ciudadano, which was fined, was held responsible in both cases. for $ 31 million for the case of 2013 and $ 34.1 million for the case of 2016.
2015: Green identity theft
In 2015, what was then considered the largest identity theft in the history of Mexico occurred, when The Green Ecologist Party of Mexico (PVEM) used the INE database, with data on some 16,000 voter credentials from Chiapas, so that voters could be removed from the nominal list and registered as residents abroad.
The goal was for Chiapas citizens who had never left the country to appear as residents from the United States, Uganda, Vietnam, Angola, Liberia, Trinidad and Tobago, the Czech Republic and Armenia; and “they will vote from there”. This data leak is not considered a hack either since the data is provided by the INE to the parties in a legal manner, in this case, the exposure It was due to an improper use of the INE records by the PVEM
It is worth mentioning that in the list of leaks, There is also the sale of the electoral roll by the company Checkpoint to the United States government, as well as the leak of the nominal list of Sinaloa by the PRI.