The leak of personal data of Luis Lacalle Pou, the Minister of the Interior of Uruguay, Carlos Negro, and the Secretary of the Presidency, Alejandro Sánchez, has led to an investigation into a campaign of dissemination of sensitive information spread between May 17 and 18. The group La Pampa Leaks disseminated images, ID numbers, addresses, phone numbers, and messages with political insults directed against the affected officials.
The breach goes beyond the publication of data from three leaders. The attackers are promoting a service that claims to be able to obtain information on any Uruguayan citizen without a court order, while authorities have not yet independently verified several of the intrusions that the group itself claims responsibility for.
Antel confirmed the attack on TuID, but denied a leak of keys and advanced signature
The group claims to have compromised systems such as DNIC, Antel's TuID Digital, Ceibal, Sucive, UTU, and ANEP. For now, this list of affected platforms has not been independently confirmed by Uruguayan authorities.
Antel did confirm an attack on the TuID authentication system. The company specified that the incident did not compromise authentication keys, specially protected data, or the advanced electronic signature.
This contrast marks one of the central points of the case. The attackers present a capacity for massive access to public databases and digital identity, but the only official confirmation known so far is limited to the attack on TuID and excludes the most sensitive elements of the system.
VECERT detected a tool capable of cross-referencing family ties and financial profiles
The cybercriminals demand payments in Bitcoin to facilitate access to the stolen information. The use of this cryptocurrency aligns with their anonymity and the difficulty of tracking when operations cross multiple jurisdictions.
VECERT analysts indicate that the group has developed an interactive tool capable of mapping family trees, personal relationships, and complete financial profiles. This scope points to a data exploitation aimed not only at public exposure but also at the creation of detailed profiles.
As the investigation progresses, Uruguayan authorities are working alongside CERTuy and AGESIC to determine the origin and real scope of the incident. In parallel, they recommend citizens monitor unusual movements, not share sensitive data by phone, and reinforce two-factor authentication.
The exposed information included addresses, phone numbers, ID numbers, and images of Lacalle Pou, Carlos Negro, and Alejandro Sánchez, and its dissemination was concentrated between May 17 and 18, 2026.