Dirección de Impuestos y Aduanas Nacionales: Alleged Data Breach at Colombia’s Tax Authority Could Expose Millions of Citizens’ Records

Suspected Data Breach at Colombia’s Tax Authority Exposes Millions of Records

A potential data breach at Colombia’s national tax agency, the Dirección de Impuestos y Aduanas Nacionales (DIAN), has raised concerns after a hacker allegedly accessed and leaked sensitive information belonging to millions of citizens. The incident, reportedly linked to the alias "ArcRaidersPlayer," targeted the agency’s appointment scheduling platform (agendamiento.dian.gov.co), a widely used portal for booking in-person tax services.

Initial reports suggest up to 18 million records may have been exposed, including names, identification numbers, email addresses, and other personal data. The leaked database, estimated at 16 gigabytes, was allegedly offered for sale online, though authorities have not confirmed its authenticity or full scope. Cybersecurity experts warn that if verified, the breach could enable identity theft, tax fraud, and phishing attacks targeting affected individuals.

Preliminary analyses indicate the breach may have exploited a known vulnerability in the appointment system’s software, which some experts claim went unpatched for months. DIAN, responsible for Colombia’s tax and customs operations, maintains extensive databases of financial and personal information, making it a prime target for cybercriminals.

The incident reflects broader cybersecurity risks as government services shift online. Colombia has expanded digital tax platforms in recent years, increasing convenience but also exposure to threats. Similar attacks have surged across Latin America, with public institutions facing ransomware, phishing, and data breaches.

As of now, Colombian authorities have not released a full technical report, but investigations are underway to determine the breach’s origin and impact. If confirmed, this could rank among Colombia’s largest government-related data exposures, heightening calls for stronger cybersecurity measures in public digital services.

Source: https://colombiaone.com/2026/03/04/colombia-dian-data-breach/

DIAN Dirección de Impuestos y Aduanas Nacionales cybersecurity rating report: https://www.rankiteo.com/company/diancolombia

"id": "DIA1772664324",
"linkid": "diancolombia",
"type": "Breach",
"date": "3/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Millions of citizens',
                        'industry': 'Taxation and Customs',
                        'location': 'Colombia',
                        'name': 'Dirección de Impuestos y Aduanas Nacionales '
                                '(DIAN)',
                        'type': 'Government Agency'}],
 'attack_vector': 'Exploited known vulnerability in software',
 'data_breach': {'data_exfiltration': 'Allegedly offered for sale online',
                 'number_of_records_exposed': '18 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Identification numbers',
                                              'Email addresses',
                                              'Personal data']},
 'description': 'A potential data breach at Colombia’s national tax agency, '
                'the Dirección de Impuestos y Aduanas Nacionales (DIAN), has '
                'raised concerns after a hacker allegedly accessed and leaked '
                'sensitive information belonging to millions of citizens. The '
                'incident targeted the agency’s appointment scheduling '
                'platform (agendamiento.dian.gov.co), exposing up to 18 '
                'million records, including names, identification numbers, '
                'email addresses, and other personal data. The leaked database '
                'was allegedly offered for sale online, posing risks of '
                'identity theft, tax fraud, and phishing attacks.',
 'impact': {'brand_reputation_impact': 'Heightened concerns over cybersecurity '
                                       'in public digital services',
            'data_compromised': '18 million records',
            'identity_theft_risk': 'High',
            'systems_affected': 'Appointment scheduling platform '
                                '(agendamiento.dian.gov.co)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Allegedly',
                           'entry_point': 'Appointment scheduling platform '
                                          '(agendamiento.dian.gov.co)'},
 'investigation_status': 'Underway',
 'lessons_learned': 'Need for stronger cybersecurity measures in public '
                    'digital services, timely patching of vulnerabilities',
 'motivation': 'Financial gain (data sold online)',
 'post_incident_analysis': {'root_causes': 'Unpatched vulnerability in '
                                           'software'},
 'recommendations': 'Enhance vulnerability management, implement stronger '
                    'monitoring, and improve incident response protocols',
 'references': [{'source': 'Cybersecurity news reports'}],
 'threat_actor': 'ArcRaidersPlayer',
 'title': 'Suspected Data Breach at Colombia’s Tax Authority Exposes Millions '
          'of Records',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unpatched vulnerability in appointment system '
                            'software'}