A hacking syndicate identified as Sc0rp10n has leaked an 8.16 GB database containing sensitive information belonging to millions of Mexican taxpayers. The breach includes full names, home addresses, dates of birth, RFC tax identification numbers, and CURP population registry codes.
Journalist Ignacio Gómez Villaseñor reported the leak on X, citing claims made by the hackers themselves. According to the group, the data was originally extracted in 2024 but was released publicly after third parties attempted to monetize the stolen information.
“Me enteré de que una base de datos privada del SAT extraída por mí y mi grupo en 2024 ahora está siendo distribuida y monetizada por terceros que intentan atribuirse el mérito,” the group stated in a post shared by Villaseñor. “Si es mía, nadie se beneficiará de ella. Por eso la estoy publicando gratis.”
A pattern of systematic cyberattacks
This incident marks the latest in a string of high-profile security breaches targeting Mexican government institutions. Villaseñor previously linked the Sc0rp10n group to the 2025 theft of medical and personal records belonging to 20 million Mexican Social Security Institute (IMSS) beneficiaries. That data was reportedly sold for 50,000 pesos.
Beyond federal agencies, the group is also suspected of compromising the Nuevo León State Attorney General’s Office in 2024. That breach exposed over 13,000 sensitive files, including 960 active criminal investigation folders. Authorities did not confirm the extent of that intrusion until December, though security experts detected the initial access months earlier.
Mexican public institutions have faced an aggressive start to 2026. In February, the National Commission of Insurance and Bonding confirmed a security breach that exposed the credentials of insurance and finance agents. Similarly, the National Autonomous University of Mexico (UNAM) reported that five of its systems were accessed illicitly between late 2025 and January 2026.
These attacks are part of a broader trend affecting the education sector, with at least 20 public universities reporting cyber incidents in early 2026. Security analysts at Kaspersky warn that the country faces its highest risk of cyberattacks to date this year. The firm anticipates that the total number of attacks could double the 30 million incidents recorded in 2025, noting that the 2026 World Cup may serve as a catalyst for increased criminal activity.
