Uruguay at risk: the data leak of more than one and a half million citizens

A massive data leak has shaken Uruguay, exposing the personal information of approximately one and a half million citizens on a clandestine dark web forum. The database, allegedly extracted from the Agency for Electronic Government and Information and Knowledge Society (AGESIC), contains sensitive details such as national ID numbers, contact information, and COVID-19 vaccination records, including the number of doses and the type of vaccine administered. This trove of data is being offered for sale for just two hundred dollars, a price that highlights the vulnerability of the country's digital systems and the inability of Yamandú Orsi's government to protect its citizens.

A fiasco that puts public trust at risk

The leak, initially reported by users on social media and confirmed by outlets such as El Observador, includes information that could be used for identity fraud, extortion, or disinformation campaigns. Despite warnings from experts, Orsi's government did not take decisive measures to strengthen the security of digital systems, leaving Uruguay exposed to a new attack of devastating proportions.

You may also be interested in reading about Mujica and his hidden past

AGESIC, the entity responsible for the country's digital transformation, has been identified as the epicenter of this crisis. Under Orsi's management, the agency appears to have ignored warning signs from previous leaks, allowing the cybercriminal group Tacuara to access critical data stored in its customer relationship management system. The lack of thorough audits after the February incident and the absence of measures such as advanced encryption or multi-factor authentication reflect negligence that puts Uruguayans' privacy and the government's credibility at risk.

Orsi's silence and public outrage

President Yamandú Orsi, who took office with promises of modernization, has maintained a deafening silence in the face of this leak. AGESIC has only confirmed that it is investigating the incident, without providing details on how it occurred or what measures will be taken to protect affected citizens. This lack of leadership has fueled outrage on social media, where Uruguayans have described the government as incapable of handling a crisis that threatens their security. A user on Twitter summed up the general sentiment: This government sold us as a digital country, but can't protect even our names or our vaccines.

You may also be interested in discovering what social democracy looks like in action

The leak exposes a disconnect between Orsi's government's technological ambitions and its ability to implement them securely. In 2024, AGESIC reported thousands of cybersecurity incidents, but the administration did not prioritize data protection, leaving the door open to attacks that could have been prevented with basic measures.

A black market that takes advantage of inaction

The sale of the database for two hundred dollars on dark web forums, payable in cryptocurrencies such as Monero, underscores how easily cybercriminals are exploiting the weaknesses of the Uruguayan government. The leaked information, which includes sensitive medical details, could fuel phishing scams or disinformation campaigns. The inaction of Orsi's government is perceived as a betrayal of public trust.

You may also be interested in reading Orsi's 100-day logbook

This incident is not only a technical failure, but a reflection of misplaced priorities. While the government promoted its digitalization agenda, it neglected investment in cybersecurity, leaving AGESIC ill-equipped to face modern threats. Compared to similar leaks in the region, such as the one in the Dominican Republic in 2024, Uruguay stands out for its inability to learn from past mistakes, a criticism that falls directly on Orsi's management.

An urgent call for accountability

The leak demands an immediate and transparent response from Orsi's government, which so far has been notably absent. Citizens deserve to know how their data was compromised, what measures will be taken to prevent future incidents, and how those affected will be protected. Cybersecurity experts urge the implementation of forensic audits, notification of victims, and the provision of identity monitoring services, but the government's slow response doesn't inspire confidence.

Uruguay faces a turning point. Orsi's administration must take responsibility for this disaster and act decisively to restore faith in its digital institutions. Otherwise, this leak will not only be a blow to Uruguayans' privacy, but also an indelible stain on a government that promised progress, but has proven incapable of protecting its people.