Dark Web News Analysis
Dark web sources report a massive purported data leak originating from Movistar Perú (Telefónica Peru). The database, which is actively circulating on hacker forums, allegedly contains the personal records of over 22 million Peruvian citizens. The dataset covers a collection period between 2016 and 2018 and is distributed in CSV format. The exposed fields are highly sensitive and include National ID numbers (DNI), full names, dates of birth, physical addresses, and location codes (Ubigeo).
Key Cybersecurity Insights
The scale of this breach—covering nearly the entire adult population of Peru at the time—creates systemic risks for the nation’s digital infrastructure:
- Static PII Value: Although the data is from 2016-2018, its value remains high. DNI numbers, Dates of Birth, and Names are “static” identifiers that rarely change. Attackers can use this “old” data as the foundational layer to build profiles on citizens for current attacks.
- Identity Theft & Banking Fraud: In Peru, the DNI is the primary identifier for everything from voting to opening bank accounts. With 22 million DNIs and corresponding names exposed, fraudsters can attempt to bypass identity verification questions (KBA) used by banks and government services (RENIEC).
- SIM Swapping Risk: As the leak allegedly originates from a telecom operator (Movistar), the data likely links DNIs to phone lines. This facilitates SIM Swapping attacks, where attackers impersonate the victim to port their number, intercepting SMS 2FA codes for banking apps.
- Physical Security: The inclusion of physical addresses and location codes allows for “doxing” and targeted physical scams, particularly against vulnerable demographics like the elderly.
Mitigation Strategies
To protect citizens and mitigate the impact on national digital services, the following strategies are recommended:
- Enhanced Verification (Biometrics): Service providers (banks, utilities) in Peru should move away from knowledge-based authentication (e.g., “What is your DNI?”) and rely more on Biometric Verification (facial/fingerprint recognition), which cannot be spoofed by this leaked database.
- Public Awareness Campaign: Launch a nationwide awareness campaign educating citizens that their DNI and address details are likely public. Warn them to be suspicious of unsolicited calls claiming to be from banks or Movistar requesting “confirmation” of personal details.
- SIM Swap Hardening: Telecom operators must implement stricter protocols for SIM replacement, requiring physical presence and biometric verification rather than just presenting a DNI card (which can be forged using the leaked info).
- Dark Web Monitoring: Monitor for the use of these DNI lists in automated bot attacks against government portals (e.g., SUNAT or EsSalud) to detect massive unauthorized query volumes.
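One way to implement the query-volume check from the last item, as an added example that is not Brinztech's or any portal's own code: it flags clients that look up many distinct DNIs inside a short sliding window, while ignoring a citizen who retries the same DNI. The log format, the `/consulta?dni=` endpoint and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: ISO timestamp, client IP, method, lookup path with an 8-digit DNI, status
LINE_RE = re.compile(r"^(\S+) (\S+) GET /consulta\?dni=(\d{8}) (\d{3})$")

def find_enumerators(lines, window=timedelta(minutes=1), max_distinct=5):
    """Return {client_ip: peak distinct DNIs in any window} for clients over the limit."""
    recent = defaultdict(deque)                     # ip -> (timestamp, dni) events still in window
    counts = defaultdict(lambda: defaultdict(int))  # ip -> dni -> occurrences still in window
    flagged = {}
    for line in lines:                              # lines must be in time order
        m = LINE_RE.match(line.strip())
        if not m:
            continue                                # not a DNI lookup, ignore
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        ip, dni = m.group(2), m.group(3)
        q, c = recent[ip], counts[ip]
        q.append((ts, dni))
        c[dni] += 1
        while ts - q[0][0] > window:                # evict events older than the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) > max_distinct:                   # distinct DNIs, not raw request count
            flagged[ip] = max(flagged.get(ip, 0), len(c))
    return flagged

def _line(sec, ip, dni):
    base = datetime(2024, 5, 1, 10, 0, 0)
    return f"{base + timedelta(seconds=sec):%Y-%m-%dT%H:%M:%SZ} {ip} GET /consulta?dni={dni} 200"

# Constructed sample log: one burst of distinct DNIs, one repeated DNI, one slow client
SAMPLE = sorted(
    [_line(2 * i, "203.0.113.7", f"{40000000 + i:08d}") for i in range(8)]
    + [_line(5 * i, "198.51.100.20", "41234567") for i in range(10)]
    + [_line(120 * i, "192.0.2.55", f"{42000000 + i:08d}") for i in range(6)]
)

if __name__ == "__main__":
    print(find_enumerators(SAMPLE))
```

Widening `window` also catches the slow client in the sample, which is why the window and threshold should be tuned against the portal's normal per-client lookup pattern.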
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com