On May 8, 2025, Paraguay’s Ministry of Information Technology and Communication (MITIC) confirmed a significant cyberattack targeting multiple public institutions. At least 11 government entities were compromised, with hackers altering website appearances and potentially accessing sensitive data. MITIC’s CERT-PY team promptly activated response protocols, collaborating with affected institutions to mitigate impacts and assess the extent of the breach. The primary concern centers on the Ministry of Health, where personal vaccination data may have been exposed.
The compromised institutions include the Ministry of Justice, Ministry of Health, Chamber of Deputies, Presidency, National Meteorology Directorate, Ministry of Labor, Ministry of Children and Adolescents, National Ports Administration, National Repatriation Secretariat, and the Military Cabinet. While many attacks involved defacing websites, the breach at the Ministry of Health is particularly alarming due to the potential exposure of citizens’ personal health information. MITIC is actively analyzing the situation to determine the specific data accessed and its implications.
Cybersecurity expert Miguel Ángel Gaspar described the incident as one of the country’s most significant data breaches.
He noted the appearance of leaked citizen information on various online platforms, including social media and messaging services like Telegram and X (formerly Twitter). The exposed data comprises personal details such as phone numbers, which could facilitate identity theft and scams.
However, there is no indication that financial data was compromised.
In response, MITIC urges citizens to enhance their online security practices, such as using strong, unique passwords and enabling two-factor authentication for sensitive accounts. The ministry is also working to reinforce the cybersecurity infrastructure of the affected institutions to prevent future incidents. Ongoing investigations aim to identify the perpetrators and understand the full scope of the attack. The government emphasizes the importance of public awareness and vigilance in safeguarding personal information.
Reference:
