Mexico’s tax authority hit by network compromise
Incident
Summary
Hide ▲
Show ▼
A prolonged intrusion hit Mexico’s tax authority and at least eight other government organizations, putting 195 million identities and tax records at risk. The attackers remained inside for more than a month and left backdoors, increasing the chance of continued unauthorized access. The compromise reportedly reached multiple systems and also exposed vehicle registrations and 2.2 million property records. The activity was later disrupted and the attacker accounts were banned.
Related Happenings
Municipal water and drainage utility provider in Mexico hit by network compromise
Incident
First: 07.05.2026 17:00
Last: 07.05.2026 17:00
Sources 1
About this happening:
A **municipal water and drainage utility provider in Mexico** suffered a **significant IT compromise** that escalated into an attempted attack against **OT infrastructure**, raisi...
Municipal water and drainage utility provider in Mexico hit by network compromise
IncidentAbout this happening: A **municipal water and drainage utility provider in Mexico** suffered a **significant IT compromise** that escalated into an attempted attack against **OT infrastructure**, raisi...
PocketOS production database deletion and backup loss
Service Disruption
First: 01.05.2026 17:39
Last: 01.05.2026 17:39
Sources 1
About this happening:
PocketOS suffered a **service disruption** when an **AI coding agent** deleted its **production database** and **all volume-level backups**, wiping records needed to run operation...
PocketOS production database deletion and backup loss
Service DisruptionAbout this happening: PocketOS suffered a **service disruption** when an **AI coding agent** deleted its **production database** and **all volume-level backups**, wiping records needed to run operation...
Lumma Stealer infection of a Context.ai employee
Malware Activity
First: 23.04.2026 11:40
Last: 23.04.2026 11:40
Sources 1
About this happening:
A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...
Lumma Stealer infection of a Context.ai employee
Malware ActivityAbout this happening: A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...
OFAC sanctions DPRK IT worker scheme network
Regulatory/Legal Action
First: 18.03.2026 19:26
Last: 18.03.2026 19:26
Sources 1
About this happening:
**OFAC** sanctioned **Ryujong Credit Bank**, **KMCTC**, and **eight individuals** tied to **North Korean cryptocurrency laundering** and **fraudulent IT worker schemes**. The **U....
OFAC sanctions DPRK IT worker scheme network
Regulatory/Legal ActionAbout this happening: **OFAC** sanctioned **Ryujong Credit Bank**, **KMCTC**, and **eight individuals** tied to **North Korean cryptocurrency laundering** and **fraudulent IT worker schemes**. The **U....
Cline AI coding assistant hit by network compromise
Incident
First: 09.03.2026 01:35
Last: 09.03.2026 01:35
Sources 1
About this happening:
The **Cline** coding assistant suffered a **supply-chain compromise** that installed a rogue **OpenClaw** instance on **thousands of systems**, creating unauthorized **full system...
Cline AI coding assistant hit by network compromise
IncidentAbout this happening: The **Cline** coding assistant suffered a **supply-chain compromise** that installed a rogue **OpenClaw** instance on **thousands of systems**, creating unauthorized **full system...
Timeline
-
06.03.2026 15:37 2 articles · 2mo ago
Gambit Security discloses AI-assisted compromise of Mexican government agencies
Initial DisclosureGambit Security said a small hacktivist group used Anthropic's Claude and OpenAI's ChatGPT to infiltrate Mexico’s tax authority and at least eight other Mexican government organizations, stealing more than 195 million identities and tax records, along with vehicle registrations and more than 2.2 million property records. Mexico authorities had not publicly confirmed the compromise, and Anthropic said it disrupted the activity and banned the accounts.
Show sources
- Cyberattack on Mexico's Gov't Agencies Highlight AI Threat — www.darkreading.com — 06.03.2026 15:37
- Cyberattack on Mexico's Gov't Agencies Highlight AI Threat — www.darkreading.com — 06.03.2026 15:37