Dark Web News Analysis
Cybersecurity intelligence from late February 2026 has identified a high-priority listing involving the Unidad Administrativa Especial del Servicio Público de Empleo (UAESPE) in Colombia. This incident surfaces as the Colombian government faces increased pressure from specialized threat groups targeting national administrative registries and citizen portals.
The threat actor, NyxarGroup, claims to have exfiltrated a massive repository from the personas.serviciodeempleo.gov.co sub-domain. The exfiltrated data reportedly includes:
- Personally Identifiable Information (PII): Full names, physical addresses, and personal mobile phone numbers.
- National Identifiers: Cédula de Ciudadanía (National ID) numbers, which are the primary identity keys for all legal and financial transactions in Colombia.
- Professional Intelligence: Detailed employment history, including job titles, previous company names, salary expectations, and professional certifications.
- Scale of Impact: Approximately 1,000,000 unique records, representing a vast cross-section of the Colombian workforce, from entry-level job seekers to high-level government contractors.
Key Cybersecurity Insights
The breach of a national employment service represents a “Tier 1” threat due to the high density of verified professional metadata:
- Industrialized “Job Offer” Phishing: This is a primary risk. Armed with full professional histories, scammers can launch lures that are 100% convincing. Individuals are significantly more likely to trust a notification regarding a “government-sponsored hiring program” if the message correctly identifies their specific career path.
- Identity Cloning and Financial Fraud: The combination of Full Name and Cédula de Ciudadanía is a “Golden Record” for fraud in Colombia. Attackers can use this data to bypass security checks on banking platforms, apply for unauthorized credit lines (e.g., libranzas), or hijack access to the Garantía Juvenil and other social subsidy programs.
- Targeted Social Engineering (Vishing): Scammers use the leaked phone numbers and work history to call victims, impersonating officials from the Ministerio del Trabajo or major corporate HR departments. Using the professional data as social proof, they trick victims into revealing sensitive login credentials or paying “processing fees” for fake government jobs.
- Public Sector Infrastructure Risk: The attribution to NyxarGroup suggests a targeted focus on Colombian government infrastructure. This breach indicates a potential failure in API security or an unpatched vulnerability in the portal’s database management system, highlighting a broader risk for other interconnected state services.
Mitigation Strategies
To protect your digital identity and ensure professional security following this exposure, the following strategies are urgently recommended:
- Immediate Password Rotation for All Government Portals: If you are registered with the Servicio de Empleo, change your password immediately. CRITICAL: Ensure you use a unique, complex passphrase and never reuse it for your primary email or banking apps.
- Enforce App-Based Multi-Factor Authentication (MFA): Move beyond simple passwords and SMS-based codes. Enable MFA for all financial and communication portals to ensure that even if an attacker has your leaked Cédula number, they cannot hijack your digital life.
- Zero Trust for “Employment” Communications: The Servicio de Empleo and official government agencies will never ask for money, passwords, or full credit card details over the phone or via WhatsApp. Treat any unsolicited request for “document verification” or “payment for background checks” as a scam. Always verify the request by visiting an official Centro de Empleo in person.
- Monitor “Historia Laboral” and Credit Reports: Closely monitor your labor history (e.g., via Colpensiones or Protección) for any unauthorized changes. Additionally, check your credit report with Datacrédito or Cifin to ensure no one has applied for loans using your leaked Cédula.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com