Dark Web News Analysis
Dark web news reports indicate a critical data privacy incident involving the Supreme Court of Justice of El Salvador (CSJ). A threat actor on a hacker forum is advertising the sale of a database allegedly belonging to the highest judicial body in the country.
The compromised dataset contains approximately 25,000 records, likely covering a significant portion of the court’s workforce, including judges, magistrates, and administrative staff. The data fields are exceptionally sensitive, combining standard PII (National ID/DUI, Tax ID/NIT, Full Names, Birthdates, Phones, Emails, Home Addresses, and Images) with highly confidential Financial Data, specifically Asset and Liability Declarations.
Key Cybersecurity Insights
Breaches of supreme courts are “Tier 1” national security threats because they expose the personal and financial vulnerabilities of the people who interpret the law:
- Judicial Extortion (“Plata o Plomo”): The exposure of Asset and Liability Declarations (Probity Data) is the most dangerous aspect. This data reveals exactly how much wealth a judge has, their debts, and their properties. Criminal organizations or political rivals can use this to identify judges with “unexplained wealth” or crippling debt, and then use that information to blackmail them into issuing favorable rulings or dismissing cases.
- Physical Security Risks: In a country with a complex security landscape, publishing the Home Addresses and Photos of judges and court employees is a life-threatening doxxing event. It provides a “hit list” for criminal groups looking to intimidate the judiciary.
- Identity Theft (DUI/NIT): The combination of DUI (Documento Único de Identidad) and NIT (Número de Identificación Tributaria) allows for complete identity takeover. Attackers can use these details to open fraudulent bank accounts, launder money, or register vehicles in the name of court employees to frame them for crimes.
- Institutional Destabilization: A leak of this magnitude undermines public trust in the justice system. If the financial declarations reveal discrepancies that the court had kept private, it could lead to a crisis of legitimacy and accusations of a cover-up.
Mitigation Strategies
To protect the rule of law and the safety of court personnel, the following strategies are recommended:
- Physical Security Review: The Organismo de Inteligencia del Estado (OIE) or police protection units must immediately review the security detail for high-risk judges whose home addresses were exposed.
- Probity Audit: The CSJ’s Probity Section should preemptively audit the exposed financial declarations to identify any personnel who might be vulnerable to extortion due to their financial situation.
- Credential Reset: Force a mandatory password reset for all 25,000 accounts. Implement hardware-based MFA (YubiKey) for access to internal case management systems to prevent unauthorized file manipulation.
- Financial Monitoring: Advise all employees to freeze their credit and monitor their bank accounts for suspicious activity. The CSJ should provide credit protection services to its staff.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com