The IAPA (Inter American Press Association) warned about the leak of personal data of journalists attending the press conferences of the President of Mexico, Andrés Manuel López Obrador, on 22 January 2024.
Once the incident became known, an investigation was carried out to find out the identity of the cybercriminals responsible for the leak and how they had carried out the cyberattack. It was determined that the theft was perpetrated using the account of a former government employee from an IP address located in Spain, although the identity of the perpetrator and his motives are still unknown.
Those responsible for these attacks on the privacy and security of journalists will be prosecuted once they are identified and apprehended. Yet, it is clear this does not represent any real hindrance to their criminal activities. This is because they still have highly confidential information, which makes it easier to manipulate people. As a result, it is unlikely that any punishment would be sufficient to deter the continued theft of sensitive data.
The journalists’ information was exposed on clandestine Internet forums, violating privacy, and unlawfully disclosing compromised information. This has become the largest data leak in Mexico’s history. Personal data of more than 300 journalists were shared, including names, email and physical addresses, telephone numbers, among others. As privacy is a fundamental right, cybersecurity experts are advocating for the application of severe sanctions against those responsible for this breach.
Mexico: a dangerous environment for journalists
Following this event, the country reaffirmed its position as one of the most dangerous countries in the world for professionals in this sector. The exposure of personal information compromises the safety and integrity of media professionals, restricting their freedom and ability to report without fear. Since 2000, the number of murders and cyberattacks against journalists has continued to grow, highlighting the danger associated with this profession in the country. Although the General Personal Data Protection Regulation is intended to protect personal information, the fact is that exposure and manipulation of information continues to increase.
As a result, many journalism professionals are forced into exile. In these circumstances, they leave their homes in search of new job opportunities and freedom of expression, as well as a safer and more favourable environment for their profession.
How to prevent data breaches on the Internet
For cybercriminals, infiltrating systems and gaining access to sensitive data, including bank accounts, is becoming increasingly tempting. It is therefore essential that we protect our exposure on the Internet by creating strong passwords and implementing security configurations in our cloud services.
Another emerging attack vector is deepfakes, a phenomenon we previously explained in this article.
But what measures are being taken to prevent future leaks and protect the journalists affected? While it is the responsibility of the competent authorities to ensure the protection of personal data, individuals must assume their own responsibility for the protection of information and be mindful of respecting the privacy and confidentiality of data circulating in the digital space. It is important to take practical steps to avoid exposing personal data online. For example:
- Protecting different accounts and device access by creating strong passwords, including special characters and avoiding predictable sequences or easily accessible personal information.
- Not uploading confidential information and personal data to the cloud if it is not secure, as this content is open to theft. We must always ask ourselves what data we share and where.
- Pay attention to the reliability of websites and the use of cookies.
- Keep operating systems, web browsers and applications up to date.
- Enable multi-factor authentication whenever possible, adding a second layer of security.
- Avoid connecting to public Wi-Fi networks that can access our data and instead use VPN connections that encrypt communication and privacy while browsing the Internet.
- Be alert and up to date on phishing and various cyberthreats.
In conclusion, although federal laws for the protection of personal data are essential to regulate and guarantee the security of information and communication environments, the truth is that a good defence against any cyberattack begins with awareness, alertness, and individual responsibility, not only within the organisation, but also at the corporate level.
We hope you found this information useful. We will be happy to give you more details about the risks of data breaches and how to prevent them. Feel free to contact us or visit our blog for more information.