Resecurity identified<\/a> a massive leak of the personally identifiable information (PII) of over five million citizens from El Salvador on the Dark Web<\/a>, impacting more than 80% of the country\u2019s population.<\/p>\n\n\n\n
The data dump includes the following fields:<\/p>\n\n\n\n
– ID
– Identification document (DUI)
– Names\/Last names
– Date of birth
– Telephone
– Email
– Address
– Photo of the victim
Ultimately, this data leak is significant because it marks one of the first instances in cybercrime history where virtually the entire population of a country has been affected by a compromise of biometric data. A Federal Trade Commission<\/a> advisory published last year states, \u201cBiometric information refers to data that depict or describe physical, biological, or behavioral traits, characteristics, or measurements of or relating to an identified or identifiable person\u2019s body.\u201d
Beyond the massive scale of Salvadorian PII records, threat actors also obtained a headshot of each victim, which represents a crucial biometric data marker \u2013 particularly in the golden age of generative AI. Notably, the vast scale of this biometric and PII data breach places most of El Salvador\u2019s population at significant risk for identity theft and fraud. Armed with modern deep fake technology, threat actors can leverage victim headshots and related PII to stage more convincing frauds across a broad universe of digital-first financial, merchant, and government portals.<\/p>\n\n\n\n
The detailed report is available here<\/a>:<\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0El Salvador)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"