Massive Data Breach Exposes 640,000 Mexican Port Workers, Escalating Cyber and Physical Security Risks
A significant cybersecurity breach in Mexico’s Safe Smart Port (PIS) platform has exposed sensitive data on 640,000 port workers, creating severe operational and physical security threats. The incident, reported by cybersecurity journalist Ignacio Gómez, involved the leak of 39.7GB of highly detailed records by the threat actor "marssepe" of the group Sociedad Privada 157 on a public forum.
The breach stemmed from a vulnerability in the PIS platform, a centralized system mandated by the Ministry of the Navy (SEMAR) for managing access to all national ports. Every logistics professional, customs agent, and transport provider in Mexico must register in the system to obtain operational credentials, making it a critical component of maritime security. The leaked data includes names, Unique Population Registry Codes (CURP), Federal Taxpayer Registry (RFC) numbers, Social Security numbers, blood types, encoded facial photographs, employer details, job titles, and specific port assignments.
The exposure extends beyond digital risks, enabling potential physical threats. With biometric data such as facial images and blood types now in criminal hands, workers face heightened risks of extortion, kidnapping, and targeted attacks. Unlike passwords, biometric and identity data cannot be reset, leaving affected individuals permanently vulnerable. The leak also includes Lenel physical security system identifiers, raising concerns that attackers could replicate access credentials to bypass port checkpoints.
This breach follows a pattern of escalating cyber threats against Mexican critical infrastructure. While SEMAR previously reported a DDoS attack in 2013 that did not compromise internal networks, recent data shows a surge in intrusion attempts. Between March 2017 and October 2025, the Secretary of National Defense (SEDENA) blocked over 35 million attacks, with SEMAR recording 340,174 incidents in the first 10 months of 2025 alone a 242% increase from 2024. Despite claims that these attacks were neutralized, the 39.7GB leak suggests successful penetration of logistical systems.
The fallout from this breach spans three major risk vectors: operational and physical security threats, as criminal groups gain a detailed workforce directory for coercion; identity theft and fraud, with exposed RFC and CURP data enabling financial crimes; and supply chain vulnerabilities, as compromised access credentials could facilitate unauthorized entry into high-security zones. The incident underscores critical gaps in cybersecurity governance for Mexico’s port infrastructure.
Abrogated/Republic of Turkey Ministry of Transport Maritime Affairs and Communications cybersecurity rating report: https://www.rankiteo.com/company/republic-of-turkey-ministry-of-transport-maritime-affairs-and-communications
"id": "REP1775529468",
"linkid": "republic-of-turkey-ministry-of-transport-maritime-affairs-and-communications",
"type": "Breach",
"date": "4/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': '640,000 port workers',
'industry': 'Maritime Security',
'location': 'Mexico',
'name': 'Ministry of the Navy (SEMAR)',
'size': 'Large',
'type': 'Government'}],
'attack_vector': 'Vulnerability in the PIS platform',
'data_breach': {'data_exfiltration': 'Yes (39.7GB leaked)',
'number_of_records_exposed': '640,000',
'personally_identifiable_information': ['Names',
'Unique Population '
'Registry Codes '
'(CURP)',
'Federal Taxpayer '
'Registry (RFC) '
'numbers',
'Social Security '
'numbers',
'Blood types',
'Encoded facial '
'photographs',
'Employer details',
'Job titles',
'Port assignments',
'Lenel physical '
'security system '
'identifiers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Biometric Data',
'Employment Details',
'Security System Identifiers']},
'description': 'A significant cybersecurity breach in Mexico’s *Safe Smart '
'Port (PIS)* platform has exposed sensitive data on 640,000 '
'port workers, creating severe operational and physical '
'security threats. The incident involved the leak of 39.7GB of '
'highly detailed records by the threat actor *"marssepe"* of '
'the group *Sociedad Privada 157* on a public forum. The '
'leaked data includes names, *Unique Population Registry Codes '
'(CURP)*, *Federal Taxpayer Registry (RFC)* numbers, Social '
'Security numbers, blood types, encoded facial photographs, '
'employer details, job titles, and specific port assignments. '
'The exposure enables potential physical threats, including '
'extortion, kidnapping, and targeted attacks, as well as '
'supply chain vulnerabilities due to compromised access '
'credentials.',
'impact': {'brand_reputation_impact': 'Severe reputational damage to SEMAR '
'and Mexican port infrastructure',
'data_compromised': '39.7GB of sensitive records',
'identity_theft_risk': 'High risk due to exposed CURP, RFC, and '
'Social Security numbers',
'operational_impact': 'Compromised access credentials could '
'facilitate unauthorized entry into '
'high-security zones',
'systems_affected': 'Safe Smart Port (PIS) platform'},
'lessons_learned': 'The incident underscores critical gaps in cybersecurity '
'governance for Mexico’s port infrastructure, highlighting '
'the need for stronger protections for biometric and '
'identity data, as well as improved monitoring of critical '
'systems.',
'post_incident_analysis': {'root_causes': 'Vulnerability in the *Safe Smart '
'Port (PIS)* platform, insufficient '
'cybersecurity governance, and lack '
'of robust monitoring'},
'recommendations': ['Implement enhanced monitoring and intrusion detection '
'systems for critical infrastructure',
'Strengthen access controls and authentication mechanisms '
'for port security systems',
'Conduct regular vulnerability assessments and '
'penetration testing',
'Develop a comprehensive incident response plan for data '
'breaches involving biometric and PII data',
'Improve cybersecurity governance and regulatory '
'oversight for maritime security platforms'],
'references': [{'source': 'Cybersecurity journalist Ignacio Gómez'}],
'threat_actor': 'marssepe (Sociedad Privada 157)',
'title': 'Massive Data Breach Exposes 640,000 Mexican Port Workers, '
'Escalating Cyber and Physical Security Risks',
'type': 'Data Breach',
'vulnerability_exploited': 'Unknown vulnerability in the *Safe Smart Port '
'(PIS)* platform'}