Brinztech Alert: 13GB Database with 2 Million Records from Peru’s SENATI Leaked

Dark Web News Analysis: Massive 13GB SENATI Student Database on Sale

A massive 13.1 GB dataset, allegedly containing over 2 million records from SENATI, a major Peruvian educational institution, is being offered for sale. The breach, estimated to have occurred around December 2024, is exceptionally severe due to the inclusion of scanned official documents alongside personal data. The compromise of a large university’s core student database is a critical event that can have lifelong consequences for its students and alumni. The leak is a comprehensive trove of sensitive information, including:

• Student and Staff PII: Full names, personal and institutional emails, and phone numbers.
• Scanned Official Documents: High-resolution scans of ID cards and official academic certificates in PDF format.
• Academic and System Data: Detailed academic information and internal ticketing system data.
• Record Count: Over 2 million individual records.

Key Cybersecurity Insights

A data breach that includes official, scanned documents like ID cards and academic certificates is a catastrophic privacy violation, enabling high-level fraud that is very difficult to dispute.

• Leak of Scanned ID Cards and Certificates Enables High-Level Fraud: A database of text-based information is dangerous, but a collection of official, scanned government IDs and academic certificates is a worst-case scenario. This allows criminals to bypass sophisticated identity verification checks, create fake credentials for employment (academic fraud), and commit serious, hard-to-dispute identity theft.
• Educational Institutions as “Soft Targets” for Mass Data Collection: Large universities and schools are prime targets for cybercriminals. They are often viewed as “soft targets” with less robust security funding and infrastructure than financial institutions, yet they hold a vast trove of sensitive personal and financial data on students, parents, and faculty, making them an efficient source for mass data theft.
• Massive Scale Threatens a Generation of Students: With over 2 million records, this breach affects a significant portion of SENATI’s current and past student body. The exposed individuals will now face a long-term, heightened risk of identity theft, targeted phishing campaigns, and other forms of sophisticated fraud for years to come.

Critical Mitigation Strategies

SENATI must launch an urgent and transparent response to this massive data exposure, while its students and alumni must be on high alert.

• For SENATI: Immediately Launch a Full-Scale Incident Response: The university must immediately activate its incident response plan to investigate the source of this massive leak. A full forensic investigation is needed to assess the full scope of the compromise and take decisive action to contain the breach and secure its data systems.
• For SENATI: Mandate Password Resets and Enhance Security: A mandatory password reset for all student, faculty, and staff online accounts is a critical first step to prevent immediate account takeovers. The university must also prioritize the implementation of Multi-Factor Authentication (MFA) to protect accounts from being compromised by stolen credentials in the future.
• For Affected Students, Staff, and Alumni: Assume Total Identity Compromise: This is the most crucial advice for the millions of victims. Individuals in this leak must assume their most sensitive data is now public. They should be on maximum alert for signs of identity theft by closely monitoring their financial accounts and official records, and be extremely suspicious of any unsolicited communications.

Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.

Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. For general inquiries or to report this post, please email us: contact@brinztech.com