Renaper: eight employees investigated for data leakage, but the Government denies a hack

The Government filed a criminal complaint against As a result of the leakage of information of at least 44 officials and public figures of knowledge in general, among them, Marcelo Tinelli, Lionel Messi, Máximo and Florencia Kirchner. As they clarified from the National Registry of Persons (Renaper), it was not a hack although they recognized that the improper use of a key given to a public body. In the investigation they target eight employees.

As detailed by the Renaper, during the weekend a Twitter user identified by the name of @aniballeaks, which referred to the Minister of Security Anibal Fernandez, had published in that social network the images of the DNI 44 individuals, among them, the president himself Alberto Fernandez, Marcelo Tinelli, Lionel Messi, Máximo and Florencia Kirchner, Elisa Carrió, Sandra Arroyo Salgado and Alberto Nisman, Jorge Lanata, Nelson Castro and Alfredo Leuco.

The account was created on September 25 and in its first publication it offered “all the personal data of the Gendarmerie, Army, Naval Prefecture, Navy, Air Force, Ministry of Defense 1,193,316 records.” But the data that set off the alarms in the Government was when this Saturday, October 9, in the morning, it began to publish photos of the DNI of more than 40 people, including, Gustavo Béliz, Juan Manzur, Santiago Cafiero and Oscar Parrilli, Máximo and Florencia Kirchner, the former heads of the Macrista AFI Gustavo Arribas and Silvia Majdalani.

In addition, the user promised that he could sell “all the data that is in the national identity document about anyone in Argentina. This includes photo, names, surnames, address, DNI processing number and everything necessary to create a false identity ”. The DNI procedure number became one of the most sensitive data since it is used for certain procedures with the State, such as, for Remote Procedures, in ANSES and in the CuidAR app ”.

As explained from the Renaper to Infobae, the alleged sale of personal data of 45 million Argentines cannot be verified. However, “the computer security team made a query on the 44 people involved in order to ascertain the latest consumption made through the use of the Digital Identity System (SID) on said profiles, detecting that 19 images had been consulted at the exact moment that they were published on the social network Twitter from an authorized VPN (Virtual Private Network) connection between ReNaPer and the Ministry of Health of the Nationn, and all the images had recently been consulted from that same connection ”.

In the registry, that connection “would have made several individual queries to the Renaper databases between 15:01 and 15:55 through the SID data validation service which, once the DNI and gender of the person, returns to the person who consults all the data printed in the National Identity Document, including image and other personal data, which were then immediately uploaded to the social network Twitter, without the consent of the Holder of the same ”.

For the case, the agency formalized a criminal complaint on Tuesday before the Federal Criminal and Correctional Court No. 11 Secretary No. 22 after detecting that, through the use of keys granted to public agencies, in this case the Ministry of Health, “Images were leaked as belonging to personal procedures carried out at the Renaper. From the agency dependent on the Ministry of the Interior it was confirmed that it was an improper use of the user or theft of the user’s password, and that the database did not suffer any data breach or leak “.

They also detected that an individual authorized user had improperly used the identity validation service for personal purposes through an authorized certificate from the National Ministry of Health, connecting through the corresponding VPN, with username and password.

In that sense, the Renaper clarified that the specialists carried out a preliminary analysis in which they ruled out “outright an unauthorized entry into the systems or a massive leak of the organism’s data.” In any case, the Ministry of the Interior recognized Infobae that there are eight people with that level of “access to keys” but they clarified: “They could have stolen the key and that is why the IP is being investigated.”

KEEP READING