Alleged Breach of Chile's Servicio Civil Platform Exposes 110K Public Servant Records With Full Names and User IDs

Summary

A threat actor known as NyxarGroup has publicly leaked 110,000 records from Chile's Servicio Civil training platform, exposing full names and user IDs of government employees and public servants. This is the second Chilean government target breached by the actor in a single day, following a prior attack on the Ley del Lobby platform. The free public release of the data significantly increases exposure risk compared to paid-access listings.

Full text

Dark Web Informer - Cyber Threat Intelligence Alleged Breach of Chile's Servicio Civil Platform Exposes 110K Public Servant Records With Full Names and User IDs March 23, 2026 - 9:11:42 AM UTC Chile Government Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more. View API Unlock Exclusive Cyber Threat Intelligence Powered by DarkWebInformer.com Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously. Subscribe Now Quick Facts Date & Time 2026-03-23 09:11:42 UTC Threat Actor NyxarGroup Victim Servicio Civil (Chile) Industry Government Category Data Leak Alleged Records 110K Price Free (Public Leak) Network Open Web Country Chile Related Actor Activity Ley del Lobby Breach Incident Overview A threat actor going by NyxarGroup has published 110,000 records allegedly taken from Chile's Servicio Civil campus platform, the government training portal where public servants access professional development courses and programs. Servicio Civil is Chile's National Civil Service Agency responsible for strengthening public sector workforce management and professionalization. Unlike their previous listing targeting Chile's Ley del Lobby platform (priced at $2,000), this data has been published as a free download, making it immediately accessible to anyone. The actor states the database contains: Fully Qualified Names: Complete names of public servants registered on the training platform. User IDs: Internal platform identifiers tied to each individual. While the data fields are limited compared to other breaches, the value lies in who is exposed. This is effectively a directory of 110,000 Chilean government employees and public servants who have accessed the civil service training system. Combined with the Ley del Lobby data from the same actor, it gives a broader picture of Chile's government workforce. The actor also hinted at future activity, stating they will soon publish data from another Chilean website. This marks NyxarGroup's second Chilean government target in the same day. Compromised Data Categories Full Names of Public Servants User IDs Government Employee Directory Image Preview Claim URL Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers. Subscribe Subscriber Access View the original listing URL and unredacted claim images on the feeds below. Threat Feed Ransomware Feed MITRE ATT&CK Mapping T1190 Exploit Public-Facing Application Targets vulnerabilities in the government training portal to gain unauthorized access to the user database containing public servant records. T1213 Data from Information Repositories Extracts structured user records from the Servicio Civil training platform database, pulling names and identifiers for 110,000 government employees. T1589.003 Gather Victim Identity: Employee Names Harvests fully qualified names of government employees from the civil service training system, creating a directory useful for social engineering and targeted attacks. T1567 Exfiltration Over Web Service Publishes the stolen database as a free download on web forums, making 110,000 public servant records immediately accessible to anyone. Dark Web Informer © 2026 | Cyber Threat IntelligenceDarkWebInformer.com

Indicators of Compromise

• mitre_attack — T1190
• mitre_attack — T1213
• mitre_attack — T1589.003
• mitre_attack — T1567