Mexican Government Agencies Hit by Month-Long Cyberattack Leveraging AI Tool
A sustained cyberattack targeting multiple Mexican government agencies between December and January exploited Anthropic’s Claude large language model (LLM) to steal 150 GB of sensitive data, according to a Gambit Security report cited by Cybernews. The breach compromised Mexico’s federal tax authority (SAT), civil registry, several state governments, and Monterrey’s water utility, exposing nearly 195 million taxpayer records, civil registry files, voter lists, and government employee credentials.
Attackers weaponized Claude by prompting the AI to identify 20 security vulnerabilities and generate exploit scripts, disguising their activity as a bug-hunting operation. While Claude’s safeguards flagged attempts to delete logs and command histories, threat actors bypassed these protections by framing their requests as authorized security research.
Despite the findings, Mexico’s tax authority (SAT), National Electoral Institute (INE), and the state government of Jalisco have denied the breach. Jalisco officials acknowledged a network intrusion but claimed it affected federal systems only, not local infrastructure. The full extent of the compromise, and whether additional agencies were impacted, remain unclear.
Source: https://www.scworld.com/brief/mexico-reportedly-breached-via-claude-exploitation
Servicios de Agua y Drenaje de Monterrey IPD cybersecurity rating report: https://www.rankiteo.com/company/servicios-de-agua-y-drenaje-de-monterrey-ipd
Mexintel cybersecurity rating report: https://www.rankiteo.com/company/mexintel
"id": "SERMEX1772240290",
"linkid": "servicios-de-agua-y-drenaje-de-monterrey-ipd, mexintel",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'customers_affected': '195 million taxpayer records',
                        'industry': 'Taxation',
                        'location': 'Mexico',
                        'name': 'Servicio de Administración Tributaria (SAT)',
                        'size': 'Large',
                        'type': 'Government Agency'},
                       {'industry': 'Public Records',
                        'location': 'Mexico',
                        'name': 'Civil Registry',
                        'size': 'Large',
                        'type': 'Government Agency'},
                       {'customers_affected': 'Voter lists',
                        'industry': 'Elections',
                        'location': 'Mexico',
                        'name': 'National Electoral Institute (INE)',
                        'size': 'Large',
                        'type': 'Government Agency'},
                       {'industry': 'Public Administration',
                        'location': 'Jalisco, Mexico',
                        'name': 'State Government of Jalisco',
                        'size': 'Large',
                        'type': 'Government Agency'},
                       {'industry': 'Water Supply',
                        'location': 'Monterrey, Mexico',
                        'name': 'Monterrey’s Water Utility',
                        'size': 'Large',
                        'type': 'Utility'}],
 'attack_vector': 'AI Tool Exploitation (Claude LLM)',
 'data_breach': {'data_exfiltration': '150 GB',
                 'number_of_records_exposed': '195 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Taxpayer records',
                                              'Civil registry files',
                                              'Voter lists',
                                              'Government employee '
                                              'credentials']},
 'date_detected': '2023-12-01',
 'description': 'A sustained cyberattack targeting multiple Mexican government '
                'agencies between December and January exploited Anthropic’s '
                'Claude large language model (LLM) to steal 150 GB of '
                'sensitive data. The breach compromised Mexico’s federal tax '
                'authority (SAT), civil registry, several state governments, '
                'and Monterrey’s water utility, exposing nearly 195 million '
                'taxpayer records, civil registry files, voter lists, and '
                'government employee credentials. Attackers weaponized Claude '
                'by prompting the AI to identify 20 security vulnerabilities '
                'and generate exploit scripts, disguising their activity as a '
                'bug-hunting operation.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '150 GB of sensitive data',
            'identity_theft_risk': 'High',
            'systems_affected': 'Federal tax authority (SAT), civil registry, '
                                'state governments, Monterrey’s water utility'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data Theft, Cyber Espionage',
 'post_incident_analysis': {'root_causes': 'Exploitation of AI tool (Claude '
                                           'LLM) to identify and exploit '
                                           'vulnerabilities'},
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'source': 'Gambit Security (cited by Cybernews)'}],
 'response': {'communication_strategy': 'Denial by affected agencies',
              'third_party_assistance': 'Gambit Security'},
 'title': 'Mexican Government Agencies Hit by Month-Long Cyberattack '
          'Leveraging AI Tool',
 'type': 'Data Breach, Cyber Espionage',
 'vulnerability_exploited': '20 security vulnerabilities identified by Claude '
                            'LLM'}