Skip to content
Tips? Soon
Support
Sign In Subscribe
Leaks

Taxpayer Database From Mexico's Coahuila State Government Allegedly Leaked

 and  Dark Web Informer
9 min read
Breach Report Mexico flagMexico Government

Taxpayer Database From Mexico's Coahuila State Government Allegedly Leaked

Threat actors using the aliases M1sery157 and D3spair157 (operating as “Sociedad privada 157”) have posted what they describe as a database scraped from a Coahuila state government portal in Mexico. The actors claim they exploited long-standing web vulnerabilities in the portal to extract taxpayer (contribuyente) records, and that the leak contains 1,396 records in CSV format. Per the post, each record includes the taxpayer's name, RFC (Mexican federal tax ID), full home address (street, cross streets, neighborhood, and postal code), phone number, and detailed workplace information including the employer's name, activity, address, and phone. The dataset's authenticity and scope are unverified.

Data1,396 records
AccessFree leak
CountryMexico flagMexico
ActorM1sery157

Post details

TargetCoahuila state government portal (Mexico)
CountryMexico flagMexico
SectorGovernment / Public Sector
ClaimTaxpayer database scraped & leaked
DataNames, RFC, home & work addresses, phones
VectorExploited portal web vulnerabilities
ObservedJun 23, 2026
ActorM1sery157 x D3spair157

!Allegedly included

  • 1,396 records (claimed)
  • Taxpayer names
  • RFC (Mexican tax ID)
  • Full home addresses
  • Neighborhood & postal code
  • Phone numbers
  • Workplace name & activity
  • Workplace address & phone

Screenshot

Coahuila Mexico alleged government data leak Screenshot 1 Screenshot 1 Redacted preview

Potential impact

Although the dataset is small, the per-record content is sensitive: it ties named taxpayers to their RFC (a Mexican federal tax identifier used across financial and government services), full home and workplace addresses, and phone numbers. This combination supports identity theft and tax-related fraud, targeted phishing and impersonation, and, because it pairs names with both home and work locations, physical-targeting risks such as extortion, which are a particular concern in Mexico. The data reportedly originates from a government portal exposed through unpatched web vulnerabilities, pointing to a wider security gap. No taxpayer records, names, RFCs, addresses, or download links are reproduced here. The scope and authenticity are unverified.

iStatus

Unverified

Sample field headers, a CSV download, and a Telegram channel were posted to a forum; the sample, download links, and the actors' channel are not reproduced here. The actors claim the data was obtained by scraping a Coahuila government portal via web vulnerabilities. The claim has not been independently confirmed and Coahuila authorities have not publicly addressed it.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest