🚨 CYBER INTELLIGENCE ALERT: ALLEGED MASSIVE EXFILTRATION AND ELECTION IMPACT — COLOMBIA 🇨🇴
ACTOR "TIG3R" CLAIMS LEAK OF MORE THAN 1.4 MILLION RECORDS FROM DEFENSORESDELAPATRIA
[STATUS: THREAT UNDER INVESTIGATION / UNCONFIRMED / EXFILTRATION OF CIVILIAN AND POLITICAL DATA / SOURCE: UNDERGROUND FORUM]
The threat actor identified by the alias Tig3r has posted on a clandestine leak forum claiming responsibility for an alleged massive intrusion against the servers and web infrastructure of Defensores de la Patria (https://t.co/HQTU75DngS). The attacker claims to possess a batch of 1,449,426 unique records of Colombian citizens, publicly alleging that the database exposes the structure of a supposed network manipulating or discrepancies in votes related to electoral processes in the country and fundraising schemes.
🏢 Allegedly Affected Entity: Registration platform and database of the Defensores de la Patria campaign/organization (https://t.co/HQTU75DngS - Colombia).
👤 Threat Actor/Spreader: Tig3r
⚔️ Potential Attack Vector: Infiltration of the web application's relational database through logical vulnerabilities, authentication bypass, or exposure of backups in public directories.
🔍 Verification Status: UNCONFIRMED. The actual impact on the systems or the net authenticity of all 1.4 million records remains under analysis and forensic audit. However, the alert carries a high level of risk due to the direct exposure of Personally Identifiable Information (PII) because of the explicit release of a structured extract of data on Colombian citizens dated up to June 2026.
🗂️ 1. Structured Data Structure (Exposed Fields)
The sample is presented in a comma-delimited (CSV) structured flat format with 21 specific headers that detail the profiling of the victims:
"Names","Type of IdentificationIdentificationMobile PhoneGenderDate of BirthAddressEmailMunicipalityDepartmentDistrictNeighborhoodReferrerMajor ReferrerData SourceIs a LeaderAge GroupRegistration Date ...
📊 2. Demographic and Geographic Consistency of the Victims
The exposed data matches real identities, numbers, and locations within the territory Colombian:
Official Identification: The widespread use of the variable "CC" (National Identity Card) is observed, accompanied by legitimate document numbers that match the structures of the National Civil Registry.
Telephone Telemetry: The exposed mobile phone numbers bear the Colombian international prefix 57 followed by valid ten-digit structures.
Mapping of Municipalities and Departments: The records segment the victims into specific locations within the country, exposing data in Soacha (Cundinamarca), Riohacha (La Guajira), Neiva (Huila), Popayán (Cauca), Tunja (Boyacá), Sasaima (Cundinamarca), Girardota (Antioquia), and Bogotá, D.C.
🛡️ TECHNICAL RECOMMENDATIONS AND SECURITY RESPONSE
🛑 Database System Audit on Web Platforms (General Corporate Action): Web infrastructure and political campaign management teams are urged to urgently review the database access logs of their logical portals, identifying patterns of mass queries or anomalous table exports during the first half of 2026.
📊 MONITORING AND EVALUATION
Intelligence System: https://t.co/wk9bZJ2Nli
Quickly assess your website's security with:
https://t.co/QZhWp0kFrO
#CyberSecurity #Colombia #ElectoralData #DataLeak #PIIExposure #DefendersOfTheHomeland #Soacha #Riohacha #Popayan #Bogota #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedBreach
@ELTIEMPO@amompotes@jrestrp La tigresa se aculilla y no puede ir solo a un debate sin el restrepo, pareciese que el fuese el candidato, no sabe ni donde está parado ese tipo