The Internet is a miner’s home, a paradise for valuable goods. And in Mexico, the big rush is for data — not coal or silver. Financial information, personal information, and voter rolls are where the money is, according to Frontera NorteSur’s article on Mexican data mining.
Mexico City’s daily newspaper, Reforma, reported that a list of 30 million registered voters was sold for under $400 dollars (Mexico only has 40 million people with constant Internet access). The data was purchased online via an email sent to a “Jose Luis,” the owner of the email address had been advertising the availability of these “exclusive” and “important” Mexican information databases.
When asked about the data, he sent a sample of 100 listings from different databases, then asked the potential buyer to deposit money into a Florida bank account in the name of “Daniel Laniado Lazaro” from Argentina. Once the money was received, “Jose Luis” delivered. Government voter rolls for 15 Mexican states arrived in the purchaser’s inbox from 2012.
This was not all that “Jose Luis” had for sale, though.
He reportedly was running specials on account numbers and personal data of 2 million Banamex clients, as well as personal information and credit card information for 618,000 American Express card holders. Curious buyers could also informed of the “availability” of client data from three banks, two cell phone companies, as well as privatized retirement funds, and the Mexican Social Security Institute.
Of course, this kind of information is confidential under Mexican law. This information market likewise violates federal regulation. However, the Apro news service reports that Mexican authorities knew of this email account, and a similar one in September 2011. There have been previous breaches of data privacy in Mexico – in 2010 for instance, the newspaper El Universal reported on the “ease” of obtaining the national motor vehicle registration list among other documents.
There are legal efforts to try to figure out what’s going on and stem the flow of data in Mexico, but mining season is in full swing, it seems, and it begs two questions: Can authorities be trusted to do everything to protect this data, and, can they do anything if it gets out?
It’s hard to say, but putting trust in companies or governments with private data seems to be a daily gamble worldwide. The constant cyber-warfare between the U.S. and China, as well as the NSA scandal suggest that even “secret” data is vulnerable, never mind things as simple as credit cards. As far as dealing with this stuff when it leaks, there is very little, if anything that can be done. Once something’s on the net, it’s there for good.
[Image Via elhombredenegro]