Alleged Data Sale of JAPAY (Junta de Agua Potable y Alcantarillado de Yucatán)

🏢 About JAPAY

The Junta de Agua Potable y Alcantarillado de Yucatán (JAPAY) is the state-level water and sanitation utility provider for Yucatán, Mexico. It manages water supply, billing, and infrastructure for both residential and commercial clients.

⚠ Disclaimer

This report includes actual screenshots and/or text that may include unredacted personally identifiable information (PII) gathered from publicly available sources.
The sensitive information presented within this report is intended solely for cybersecurity awareness and threat intelligence purposes.

📌 Overview

On August 21, 2025, a threat actor known as Eternal claimed responsibility for selling a large dataset allegedly belonging to JAPAY, Mexico’s Yucatán water utility service.

The actor claims the dataset contains over 400,000 records, including sensitive customer and organizational details such as tax information, cadastral and physical addresses, water meter numbers, billing, and consumption data.

The leak was advertised on underground forums, with Eternal setting a sale price of $500 USD or a “ransom” price of $10,000 USD for data withdrawal.

📊 Key Details