The National Banking and Securities Commission (CNBV) confirmed that the Credit Bureau database corresponding to 2016 was sold on the Deep Web.
The CNBV explained that after the incident it initiated a Special Inspection visit to Buró de Crédito, the company in charge of generating credit history reports of individuals and companies, to evaluate the security controls it implements, which is expected to conclude on March 3.
The statement issued by the organization comes 20 days after Buró de Crédito reported that "in some social networks, there were indications suggesting the illegal offering of information of individuals that includes some data that match those we managed in 2016 and that would have been obtained improperly."
As soon as Buró de Crédito became aware of the incident, it hired a company specialized in cybersecurity to evaluate its computer systems. The company concluded that the current systems had not been breached.
According to the CNBV.
However, he did not rule out that the information could have been leaked in 2016, before the current system was put into operation.
The entity added that the current database is "protected and unaltered". At the same time, it added that consumers do not need to make any formalities with Buró de Crédito or with the financial entities and companies that have granted them any loan or credit that they currently owe.
How do I check if my data was breached during the hack?
After announcing the breach, Buró de Crédito launched a website for people to check if their data was stolen during the hack.
Once you log in, the page will ask you for several personal data to perform the verification; among them: your name, date of birth, RFC, e-mail, address data and credit information.
After entering this information, the page will display the results to inform you whether or not your data was affected.
According to the Organization of American States (OAS) and the National Commission for the Protection and Defense of Users of Financial Services (Condusef), Mexico is the third country in the world with the highest number of cyber-attacks. Furthermore, according to these organizations, 77% of Mexican organizations do not have a plan to respond to cyber-attacks.