PRI Data Breach Exposes Voter IDs and Sonora Government Cyberattack Halts Financial Operations in Mexico
Key Takeaways
- Sonora operations halted: The Secretaría de Hacienda of Sonora suspended payment operations following a suspected cyberattack targeting its Financial Information System.
- Political data leak: A threat actor claims to have exfiltrated 1.35 million INE voter ID images from the Partido Revolucionario Institucional (PRI).
- Verification pending: Both incidents, occurring in mid-December 2025, are currently under investigation by relevant authorities and remain pending full forensic verification.
State authorities in Sonora, Mexico, are grappling with a significant security incident affecting the Secretaría de Hacienda del Gobierno del Estado de Sonora. Simultaneously, the political landscape faces a serious threat, as the confidentiality of personally identifiable information (PII) was reportedly compromised in a breach involving the Partido Revolucionario Institucional (PRI).
PRI Data Breach Exposes Voter IDs
On December 17, 2025, a threat actor using the alias Sc0rp10nn claimed responsibility for a PRI data breach. The attacker said they successfully infiltrated the PRI's systems and stole a substantial database “to prevent its continued misuse.”
The compromised dataset reportedly contains approximately 1,350,000 images of INE (Instituto Nacional Electoral) voter IDs, including both front and back captures. The threat actor claims the images were "illegally acquired and traded" and alleges they could be used to influence the upcoming 2026 Coahuila elections.
If confirmed, this leak of INE voter ID images represents a critical privacy violation, exposing sensitive identity documents and personal data of citizens.
Sonora Government Cyberattack Halts Financial Operations
On December 12, 2025, system administrators detected potentially suspicious activity indicating a cyberattack on the Sonora government's Financial Information System, particularly affecting systems linked to the Undersecretariat of Expenditures.
The Secretariat initiated immediate incident response protocols, temporarily suspending all payment operations to contain the threat. The institution is currently coordinating with state and federal cybersecurity agencies.
Implications for Cybersecurity in Mexico
These concurrent incidents highlight the escalating threat landscape for cybersecurity in Mexico, affecting both government administration and political organizations. While both the Sonora disruption and the PRI exfiltration remain unverified, they signal a targeted focus on high-value public-sector databases.
In other recent breach news, SoundCloud confirmed the theft of 20% of its users' emails after a VPN disruption, and Jaguar Land Rover confirmed that its data was stolen in a crippling August cyberattack that cost the company over $890 million.





