Dark Web News Analysis
Dark web reporting describes a significant data breach involving the Universidad Nacional Mayor de San Marcos (UNMSM), the oldest and one of the most prestigious universities in the Americas. A threat actor is circulating a database specifically targeting the Postgraduate Studies department and the Language Center.
The compromised dataset allegedly contains approximately 290,000 records. The leak is split into two parts: a 218MB SQL database file and a massive 2GB archive of supporting documents (PNG, JPG, PDF). The exposed information is highly sensitive, including Full Names, Addresses, DNI (National Identification Numbers), Phone Numbers, Email Addresses, Academic Records, and critically, scanned copies of DNI Cards, Payment Vouchers, Certificates, and User Photos.
Key Cybersecurity Insights
Breaches of major Latin American universities often lead to specific types of regional fraud due to the reliance on physical document scans for bureaucratic processes:
- Identity Theft “Kit”: The most dangerous aspect of this leak is the exposure of Scanned DNI Cards. In Peru, a high-resolution image of a DNI is often enough to bypass identity checks for online services, register illegitimate SIM cards, or even fraudulently modify tax records. Combined with User Photos, attackers can create high-quality fake IDs.
- Academic Fraud & Forgery: The leak includes Certificates and Academic Records. Criminals can use these authentic templates to forge degrees or language proficiency certifications, selling them on the black market to unqualified individuals seeking employment.
- Payment Voucher Scams: The exposure of Payment Vouchers reveals exactly how and when students pay their tuition. Scammers can use this to craft “Tuition Refund” or “Payment Error” phishing emails that look identical to official university communications, tricking students into handing over banking details.
- SQL Injection Vulnerability: The presence of a .SQL file strongly suggests the university’s web applications were vulnerable to SQL Injection, allowing the attacker to dump the entire backend database. This indicates a likely lack of input sanitization in the student portal.
Mitigation Strategies
To protect the university community and academic integrity, the following strategies are recommended:
- DNI Alert: Affected students and faculty should consider reporting their DNI as “compromised” to the RENIEC (National Registry of Identification and Civil Status) to prevent unauthorized use.
- Portal Hardening: UNMSM IT administrators must urgently patch the SQL injection vulnerability and sanitize all input fields on their web portals to prevent further data exfiltration.
- Phishing Defense: Students should be warned that the university will never ask for “payment corrections” via WhatsApp or unofficial email addresses.
- Document Verification: Employers receiving certificates from UNMSM in the near future should strictly verify them through official digital channels rather than accepting PDF copies, which may now be forged easily.
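As an added illustration of the Portal Hardening item (example code written for this page, not taken from UNMSM's systems), the snippet below sets a string-concatenated lookup beside a hardened one that combines allow-list validation with a bound parameter. The table, column and function names are hypothetical, the rows are constructed, and it assumes a DNI is stored as an 8-digit string.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (dni TEXT PRIMARY KEY, full_name TEXT, email TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?, ?)", [
        ("00000001", "Sample Student A", "a@example.edu"),
        ("00000002", "Sample Student B", "b@example.edu"),
        ("00000003", "Sample Student C", "c@example.edu"),
    ])
    return db

def lookup_vulnerable(db, dni):
    # Weak pattern: input is concatenated into the SQL text, so the input
    # can change the structure of the query, not just the value compared.
    query = "SELECT full_name, email FROM students WHERE dni = '" + dni + "'"
    return db.execute(query).fetchall()

def lookup_parameterized_only(db, value):
    # A bound parameter is always compared as a literal value, even when
    # no validation has been applied to it.
    return db.execute(
        "SELECT full_name, email FROM students WHERE dni = ?", (value,)
    ).fetchall()

DNI_RE = re.compile(r"[0-9]{8}")  # assumption: DNI stored as 8 ASCII digits

def lookup_hardened(db, dni):
    # Layer 1: allow-list validation rejects anything that is not a DNI.
    if not DNI_RE.fullmatch(dni):
        raise ValueError("invalid DNI format")
    # Layer 2: parameterized query, so the value is never parsed as SQL.
    return lookup_parameterized_only(db, dni)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed tautology test string
    print("concatenated :", len(lookup_vulnerable(db, crafted)), "rows")
    print("parameterized:", len(lookup_parameterized_only(db, crafted)), "rows")
    print("hardened     :", lookup_hardened(db, "00000002"))
```

Input validation alone is easy to get wrong per field; the bound parameter is what removes the injection path, and the format check is defense in depth.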
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com