Name, address, CURP, social security number and conditions of around 20 million IMSS pensionersamong other personal data, they are on sale in the dark web, Internet space that allows hiding the identity and location of users.
In an interview with The UniversalIgnacio Gómez Villaseñor, a journalist specialized in Cybersecurity And who announced the case on September 12, said the group of hackers that stole these data, called SC0RP10NN, confirmed its Sale in 50 thousand pesos and that he still offers it to the highest bidder. In this regard, in a position requested by this newspaper to the Social Securitythe institute denied that some pension database has been pirate, but reported on “a possible filtration due to the improper use of institutional information by personnel.”
However, it is not the only infringement that has suffered the IMSS.
Read too Start second delivery of medicines kits of the health routes of the IMSS well -being
Threat researchers confirmed that the stolen information coincides with the IMSS records, through a “base life test” requested from hackers. Photo: Special
Only in 2025, their databases have been hacked three times; in one of them 56 million right -holding records were stolenaccording to data from cybersecurity experts.
Gómez Villaseñor said that the theft of the data of millions of pensioners exposes them to be potential Victims of extortion, Identity Supplant or other crimes, since it can be acquired by the racketeering in it Black Market.
“Medical conditions, names, CURP, dates of birth are filtered and, basically, it is like an information cocktail to be able to make fraud and extortion data, even. So, it is extremely serious. For example, the blood typeeven, to matter organ trafficking”.
Read too After protests, Hugo Aguilar receives retirees from IMSS in SCJN facilities
Dark Web, “IMSSpensionados2025” stands out. Photo: Special” auth=”c6b39bf17c4743d0f3d57f417224a746a385fe3153efb3b2888b1a275b56fcaf” loading=”eager” fetchpriority=”high”/>Among the bases that are on sale in the Dark Web, “IMSSpensionados2025” stands out. Photo: Special
He explained that these data are sold in the Dark Web for insignificant amounts compared to the information obtained, so it is easy to access it.
“Many times it is believed that these bases are usually sold in many millions and the truth is that no, it is for a few thousand pesos, you can access the records, sometimes they can even sell by Specific consultationsthat is, if you want to see the data of a specific person who are within this databaseThey usually charge anything else for the visualization of that data, ”he explained.
Gómez Villaseñor warned that the theft of hacker information is real, since it has followed up their activities and its record There are other confirmed cyber attacks. For example, last year they violated the cybersecurity of the C5 of Hidalgo and the Prosecutor’s Office of Nuevo Leónwhich later recognized the subtraction of information. “This hacker always usually publishes all the evidence of income, how the systems are, how the information is being visualized, from that moment I noticed that it was quite real. In addition to SC0RP10nn LAck and several attacks And I have not learned any other than true.
Read too Health exhibits in the morning of Sheinbaum companies breached companies up to 100%!
“What I think was that I had managed to violate the IMSS for some time, and I was waiting for an adequate time to filter the information,” he said.
Last week he presented another hacking, but to the database of the selection of doctors of the IMSS goodstakes one San Luis Potosí; There are 4.7 gigabytes with sensitive information of all the doctors who participated in the hiring process.
“I am talking about more than 4 gigabytes of all the documents, of those who are asking for work, of the doctors. They even came to how many sexual couples each of them had had, his resumemedical analysis, all your history of IMSS well -being. Two days ago, all the information of the doctors could still be visualized, and it is quite serious because they can do acts of extortion against them, it is a huge file of each of the people who contended for one of the vacancies of the IMSS welfare, ”he explained.
Read too Sheinbaum warns to criminal complaints against pharmacists who fail to comply with the delivery of medications
Days ago, as part of the monitoring Diario that makes the Dark Web and the Clearnet (public access Internet), Gómez Villaseñor also confirmed the hacking and sale of 80 million records with personal data in possession of the Infonavit.
“I learned from another malicious actor, or another hacker, who confirmed the vulnerability. The data is still for sale, I do not know if it has been sold or not, but at least I know that they are commercializing them actively. I also saw the information and, at least, a rather large sample of more than a thousand records that indicated that everything was real,” he said.
The Great Diario de México also consulted Víctor Ruiz, founder of Silikn and cybersecurity expert, who said the IMSS has suffered several hackeos. One of them spread on June 11, 2025, “that it could be a republication to a publication of a previous database.”
Read too They present in San Lázaro a request for political trial against Adam Augusto López
“There is a database of 56 million, which is one that also leaked between last year and this year. There may also be people who have already died, for example, and that follow their record there, but it is importantly because if it has beneficiaries, contact with children, with a wife, with dad, with mom, can also get to reach the best affect these people”.
But it is not the only one, “there is another that does not say how many records, but it is a document of 31 gigabytes and It is organized by states. This was exposed on May 7 ”last.
“There was another database that had around 63 thousand records, which may not be the complete base, but have extracted parts. A cybercriminal can be selling the database, and if they do not buy it… leave it exposed for free. Then, several criminals take it, extract it and from there they can already play, distribute, divide it according to what they need. Aguascalientesor users of Tlaxcala or of Chihuahuaby states, there may also be one by age, ”he explained.
Read too Alist Senate Meeting with Marine Secretary to expose fiscal huachicol
On May 23, Ruiz also reported the hack of 725 gigabytes of information from various units of the Federal Governmentthe IMSS between them; However, there was no response or reaction to contain data theft.
“In the case of the Government we have found different bases at different times, and we have reported them to the institutions affected simultaneously, Also to the National Guard, which are in charge of cyber incidents … every time we make a report, we do not receive an answer, ”he lamented.
The leader of the cybersecurity startup assured that the IMSS faces several vulnerabilities because its security systems have not been updated, it lacks trained personnel in cybersecurity and an department responsible for responding to such attacks; Nor does it maintain protocols, policies or guidelines in this regard.
Read too They link Hernán Bermúdez to the process by criminal association, kidnapping and extortion
“[El IMSS] He has been the victim of attacks ransomware [bloqueo del sistema informático]de phishing [suplantación de identidad]they supplant the identity of the IMSS to provoke scams, they have stolen information, it is a dependence continuously attacked, but Not much has been done about it. Every time an attacker violates IMSS, it violates us all, but also including the people of the IMSS and the people of the government. ”
For his part, Manuel Rivera, by Nekt Group, explained that his threat intelligence area confirmed that the IMSS pension database is on sale on the Dark Web and that it was violated since last month. “The date from which it is offered is August 9, and is a database of 1.4 Gigabytes, which for size can perfectly represent 20 million records.”
In addition, he assured that Threat researchers confirmed that the pirated database coincides with the IMSS records, through a “Base life test“Requested hackers.
Read too Deputies support reform so that Senate ratifies commanders of the National Guard proposed by the Executive
Through an information card, Social Security reported that the Information filtration It could be due to an improper use made by your own staff.
In addition, he said he works with the competent authorities to investigate the case and determine the conducive actions, including the possible application of sanctions.
“Preliminary investigations indicate a possible filtration due to the improper use of access to institutional information by personnel,” the IMSS specified.
He assured that the Institute’s systems have robust safety mechanisms and vulnerabilities prevention analysis, and denied the theft of the database of 20 million pensioners.
