Threat Actor Claims to Leak an INEGI Mexico Database Dump, 122K Businesses + 30K PII Records
Threat actor claims to have leaked 122K business records and 30K birth records from Mexico's INEGI.
Summary
A threat actor using the alias 'sativa' claims to have leaked a database dump from INEGI (Mexico's national statistics institute), allegedly sourced from internal GOB.MX services. The dump includes approximately 122,173 business directory records (DENUE) with contact details and GPS coordinates, and roughly 30,363 birth records containing sensitive personally identifiable information. The claim remains unverified, INEGI/GOB.MX has not publicly responded, and authenticity is uncertain given that portions of the DENUE dataset are routinely published.
Full text
Data122K + 30K records PriceFree dump CountryMexico Actorsativa ▣Post details TargetINEGI (Instituto Nacional de Estadística y Geografía) CountryMexico SectorGovernment / National Statistics ClaimFree database dump posted with download links DataBusiness directory + birth records + cartography ObservedJun 1, 2026 PriceFree dump Actorsativa !Allegedly exposed DENUE business directory (~122,173 records) Business names, legal names & addresses Postal codes and business phone numbers Business emails, websites & social handles GPS coordinates of establishments Birth records (~30,363 records) Newborn birth date, sex, weight & height Mother's age, education & marital status Hospital facility codes (CLUES) & APGAR Full PostGIS cartography (states to blocks) Screenshots Screenshot 1 Redacted preview Screenshot 2 Redacted preview ⚠Potential impact If the dump is genuine, the exposure of roughly 30,000 birth records, including newborn details, mothers' ages, education and marital status, and hospital facility codes, could enable serious privacy violations and the targeting of identifiable individuals. The business directory adds contact details and precise GPS coordinates usable for fraud or spam, though much of the DENUE dataset is normally public. A claimed compromise of GOB.MX internal services would also raise broader concerns about government system access. iStatus Unverified Free download links and data samples were posted to an underground forum; the samples, links, and actor contact details are not reproduced here. The claim has not been independently confirmed, INEGI/GOB.MX has not publicly addressed it, and because some of the listed business directory data is routinely published by INEGI, the dump's novelty and authenticity remain uncertain. Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots, check out the threat feed or ransomware feed. View pricing → DARK WEB INFORMER - THREAT INTELLIGENCE
Indicators of Compromise
- malware — DENUE business directory dump