Skip to content

Culiacán Municipal Health Portal Breached in Mexico, Minors' and Patients' Medical Records Leaked

Breach Report Mexico flagMexico Government / Health Involves Minors

Culiacán Municipal Health Portal Breached in Mexico, Minors' and Patients' Medical Records Leaked

A threat actor using the alias derm0nix (Hackero$ Crew) claims to have breached the Portal de Salud de Culiacán, the official digital health system of the Culiacán municipal government in Mexico, and has leaked the data for free. Per the post, it contains 4,045 complete patient records (CSV and JSON) covering full identity including CURP national ID numbers, dates of birth, contact details and addresses, employment data, and detailed medical histories, including hereditary and pathological conditions, substance-use habits, and gynecological and reproductive history. The actor states the data includes minors. Because this involves minors' sensitive medical data, no samples, schema, or download link are reproduced here. The claim is unverified.

Data4,045 records
TypeMedical records
CountryMexico flagMexico
Actorderm0nix

Post details

TargetPortal de Salud de Culiacán (municipal gov)
CountryMexico flagMexico
SectorGovernment / Health
Claim4,045 patient records (CSV + JSON)
DataCURP, medical & reproductive history
Period2018 to 2026
Observed
Actorderm0nix (Hackero$ Crew)

!Allegedly included

  • 4,045 patient records
  • Full names & CURP national IDs
  • Dates of birth & contact details
  • Home addresses
  • Employment / affiliation data
  • Full medical & pathological history
  • Gynecological & reproductive history
  • Includes minors' data

Screenshot

Potential impact

The dataset reportedly ties patients' names and CURP national ID numbers to home addresses, contact details, and highly sensitive clinical information, including mental-health, substance-use, and gynecological and reproductive history. Because the actor states minors are included, this is child-related medical data, and its exposure would create lasting risks of identity theft, discrimination, extortion, and targeting, with national ID numbers that cannot be reset. The screenshot is shown here in redacted form; no sample data or download link is reproduced. The claim is unverified.

iStatus

Unverified

The actor posted a description, a data schema, and a download link, and promotes a contact channel for further leaks. No sample records, identifiers, the schema, the download link, or the contact channel are reproduced here. The claim is unverified and the Culiacán municipal government has not publicly addressed it.

Want everything on this breach? Paid subscribers get the full claim details and more. Check out the threat feed, then after subscribing, search there for this alert. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Latest