Peruvian Taxpayers Breach Claim — 13063781 records Records

Claim Summary

An actor using the alias “ViralGod” has posted an unverified claim on a dark web forum, alleging the leak of a database belonging to Peruvian taxpayers. The post, dated July 21, 2024, purports to offer a downloadable file containing over 13 million records. The threat actor claims the data was originally leaked in July 2024, but notes the actual breach date is unknown, with a placeholder year of “2000” listed. The post credits another user, “Addka72424,” as a point of contact for correcting the breach date information. The claim includes a file hash and size details, but no sample data is publicly visible without forum registration.

What Is Allegedly Exposed

According to the forum post, the compromised dataset allegedly contains sensitive information on Peruvian taxpayers. The claimed data types include full names, complete physical addresses, and Tax Identification Numbers (Tax IDs). The post states the uncompressed file is approximately 1.32GB in size, containing roughly 13,063,781 records. The presence of national Tax IDs combined with personal identifiers and addresses would constitute a high-severity data exposure if verified.

Threat Actor Profile

The primary actor, “ViralGod,” appears to be leveraging a known data breach forum to distribute this alleged dataset. There is no immediate, widely recognized reputation associated with this alias, which is a common red flag. The mention of a second user, “Addka72424,” suggests possible collaboration or a division of roles, such as data curation or metadata management. The act of posting the data for public download, rather than an exclusive sale, can indicate motives ranging from notoriety-seeking to hacktivism, though the post itself provides no stated motive.

Potential Impact

If this claim were validated, the potential impact would be severe. A national taxpayer database containing Tax IDs, names, and addresses could facilitate large-scale identity theft, sophisticated phishing campaigns, and financial fraud. For individuals, this data could be used to impersonate them with government or financial institutions. At a national level, such a breach could undermine trust in public institutions and data security protocols. The scale of over 13 million records suggests nearly the entire Peruvian taxpayer registry could be implicated.

What to Watch For

1. Data Validation: Monitor for the alleged dataset appearing on other forums, leak sites, or in criminal marketplaces. Confirmation would likely come from other actors analyzing or trading the data.
2. Actor Activity: Watch for follow-up posts from “ViralGod” or “Addka72424” providing more context, samples, or making additional claims.
3. Official Response: An official statement from Peruvian tax authorities (SUNAT) confirming or denying a breach would be a critical development.
4. Downstream Use: Be alert for a rise in targeted phishing (smishing or vishing) campaigns or fraud attempts against individuals in Peru, which could serve as indirect proof of the data’s authenticity.
5. Hash Correlation: The provided MD5 hash (CEA7645D2218FEDD11D43B8C8E6F1FEE) could be used by researchers to identify this specific file if it circulates elsewhere.

Disclaimer

This report details an unverified claim from a dark web forum. The information presented here is based solely on the threat actor’s post and has not been independently confirmed by Yazoul Security or corroborated by official sources. The existence of the breach, the accuracy of the data, and the number of records affected are all allegations at this time. This report is for situational awareness and proactive threat intelligence purposes only.