Mexico's National Coordination of Programs for Social Welfare would have suffered a cyberattack that exposed personal and banking data of beneficiaries of social aid. The leak would include more than 1 GB of files with photographs, welfare cards, bank accounts, CURP, RFC, and phone numbers.
The main gap lies in the distance between the potential reach of the affected system and what has surfaced so far. Although initial indications point to about 500 detected records, social programs bring together about 18.4 million beneficiaries, and the appearance of additional files opens the door to a greater exposure.
The dump exceeded 1 GB and has already circulated in cybercriminal forums
Ignacio Gómez Villaseñor, a journalist specializing in security, stated that the seriousness of the case lies in the type of documents exposed and the use that third parties can make of them. The material, as he explained, has already appeared in open spaces frequented by cybercriminals.
"It is serious because they exposed people's photos with their welfare cards, their bank accounts, CURP, RFC, and phone information. Each of these folders is perfect for carrying out criminal acts such as emptying bank accounts" - Ignacio Gómez Villaseñor, journalist specializing in security
Initially, data from about 500 people came to light. Later, more files appeared, a detail that points to a larger leak and complicates efforts to determine how many beneficiaries may have been exposed.
No authority has officially confirmed the incident. Nevertheless, Gómez Villaseñor disseminated images on his Facebook account that, according to his account, prove the exposure of the database.
The portal registered failures days before and the attack came after another confirmed hack
Days before the incident, the Programs for Social Welfare portal registered technical failures. Warnings attributed to a group of cybercriminals also circulated, a prior movement that coincides with the sequence described by the specialist.
Furthermore, the attack occurred one day after an alleged hack of the National Civil Protection Coordination. That intrusion was indeed confirmed by the institution itself and affected data of officials from Conagua, Foreign Relations, Ministry of the Interior, IMSS, and SEP.
Gómez Villaseñor suggested that both episodes could be related and that the same group would have carried out the two attacks. The journalist also stated that the leak of the Welfare Programs has not been admitted by the authorities despite the fact that the database was already exposed in forums and open groups of cybercriminals.
The information about this alleged security breach was published on May 29, 2026.