Argentina Detains Hackers Selling State Health and National ID Data
ARGENTINA · CYBERSECURITY
Saturday, May 30, 2026 — 03:00 BRT — By Juan Martinez
—The operation: Argentina’s federal police detained seven people after a seven-month investigation into a hacker ring selling stolen citizen data on Telegram.
—The arrests: Five men, one woman and a 15-year-old were detained, with 11 raids carried out in Buenos Aires province and in Paraná.
—The targets: The ring stole data from the RENAPER national ID registry, the PAMI healthcare programme for seniors, the DNRPA vehicle registry, the SISA national health system, and the Mi Argentina platform.
—The distribution: Stolen data was sold through Telegram channels using automated bots, with proceeds laundered via cryptocurrency wallets and a network of digital mules.
—Latin American impact: The case is one of the largest state-data breaches uncovered in Latin America and shapes the regulatory conversation across the region.
Argentina’s federal police announced this week the detention of seven people involved in a hacker ring that stole and sold citizen data from the country’s national ID registry, healthcare system and other public databases. The operation followed a seven-month investigation and included 11 raids across Buenos Aires province and Entre Ríos. The PAMI and RENAPER hackers had been distributing the stolen records through Telegram channels and laundering proceeds through cryptocurrency.
How the PAMI and RENAPER hackers operated
The Policía Federal Argentina announced the operation on Thursday after raids carried out the previous day. The investigation started in October 2025 under federal prosecutor Ramiro González of the Fiscalía Nacional en lo Criminal y Correccional Federal No 7, which since then had been monitoring an organisation suspected of computer crimes.
The federal judge handling the case is Sebastián Roberto Ramos of the Juzgado Criminal y Correccional Federal No 9. Ramos ordered the 11 raids carried out across the towns of Alejandro Korn, Bosques, Luis Guillón, and José C. Paz in Buenos Aires province, plus a search in the city of Paraná in Entre Ríos.
Investigators seized computers, hard drives, mobile phones and cryptocurrency wallets during the raids. The defendants face charges of unauthorised access to computer systems, theft of state information, and money laundering through digital assets.
What data the PAMI and RENAPER hackers stole
The ring accessed five sets of state databases. The first was the Registro Nacional de las Personas, known as RENAPER, which holds Argentine national identity documents and is the primary identity-verification source for the country’s civilian population.
The second was the Programa de Asistencia Médica Integral, PAMI, the federal health programme that serves more than 5 million Argentine retirees and pensioners. Access credentials for the PAMI portal were among the items being sold.
The other three databases were the DNRPA vehicle and property registry, the SISA national health-information system that holds clinical histories, and the Mi Argentina digital identity platform, which most adult Argentines use to access state services. Criminal records were also obtained.
Live Market IntelligenceArgentina — Live Market Board
Rio Times · Live Market Intelligence
Argentina — Live Market Board
+2.49%
173,787
-0.73%
68,588
-0.40%
10,788
-1.00%
3,166,407
+2.49%
2,176.90
-0.26%
34,836.62
+0.71%
| Instrument | Last | Change | YoY | Prev. | High | Low | Volume |
|---|---|---|---|---|---|---|---|
| MERVAL | 3,166,407 | +2.49% | +37.19% | 3,089,497 | 3,175,353 | 3,082,367 | — |
| USD/ARS | 1,409 | -0.07% | +21.40% | 1,410 | 1,412 | 1,400 | — |
| YPF | 78,350 | +1.65% | +80.11% | 77,075 | 78,700 | 76,900 | 256,368 |
| GGAL | 7,495 | +3.59% | +7.69% | 7,235 | 7,540 | 7,200 | 5,537,445 |
| PAMPA | 5,095 | +2.16% | +35.83% | 4,988 | 5,110 | 4,920 | 1,538,675 |
| TXAR | 692.50 | +3.28% | -3.01% | 670.50 | 696.00 | 661.50 | 1,288,902 |
| ALUAR | 1,019 | +1.39% | +22.04% | 1,005 | 1,021 | 992.00 | 811,629 |
| TGS | 9,135 | +0.05% | +31.63% | 9,130 | 9,215 | 8,950 | 411,842 |
| CEPU | 2,356 | +4.43% | +45.43% | 2,256 | 2,375 | 2,223 | 1,260,212 |
| MIRGOR | 16,950 | +1.04% | -25.66% | 16,775 | 17,125 | 16,750 | 5,556 |
| COME | 49.36 | +4.82% | -30.44% | 47.09 | 51.80 | 46.11 | 22,829,397 |
| LOMA NEGRA | 3,593 | +2.50% | +15.14% | 3,505 | 3,620 | 3,483 | 466,091 |
| BYMA | 296.75 | +1.37% | +33.78% | 292.75 | 298.00 | 290.50 | 3,831,730 |
| TELECOM ARG | 4,328 | +5.55% | +79.56% | 4,100 | 4,465 | 4,125 | 389,007 |
| GLOBANT | 40.43 | +1.25% | -58.85% | 39.93 | 41.11 | 38.92 | 1,597,927 |
| MERCADOLIBRE | 1,696 | +0.01% | -33.85% | 1,696 | 1,707 | 1,679 | 755,807 |
How the PAMI and RENAPER hackers monetised the data
The ring sold the stolen data through Telegram channels, where automated bots handled customer requests for specific records. Prices were set by record type and freshness, with full identity packages priced higher than individual data points.
Buyers used the records to commit scams, extortions, threats, and identity fraud, according to the investigation. The Mi Argentina credentials were particularly valuable because they let downstream criminals impersonate citizens across multiple state services from a single login.
Proceeds moved through virtual wallets and cryptocurrency platforms. Some of the defendants acted as digital mules, receiving incoming payments and redistributing them across multiple wallets to obscure the trail. The investigation linked the group to a transnational criminal organisation that the same prosecutor’s office had dismantled in October 2025.
The PAMI and RENAPER hackers in Argentine context
Argentine state databases have faced repeated cybersecurity scrutiny. The RENAPER itself was compromised in 2021 in a separate incident, when an alleged leak exposed national identification records for several thousand Argentine citizens. The 2026 case is the largest such operation since.
The Mi Argentina platform handles digital identity for around 30 million users and is the federal government’s single-sign-on layer for benefits, tax services and document requests. PAMI’s data exposure carries direct medical-privacy implications for one of the country’s most vulnerable populations.
Argentina’s federal data-protection authority, the Agencia de Acceso a la Información Pública, is expected to open an administrative track parallel to the criminal case. Findings on database-level access controls and patching schedules will determine whether sanctions extend to the affected agencies.
What the PAMI and RENAPER hackers case means for the region
Brazilian, Chilean and Mexican data-protection authorities watch Argentine cases closely, since identity-fraud rings often operate cross-border. The Buenos Aires investigation revealed Telegram-bot distribution models that are already known to law enforcement in Brazil’s Federal Police and Chile’s Ministerio Público.
For citizens in the region, the practical advice from federal investigators remains consistent. Two-factor authentication, careful response to unsolicited verification requests, and regular monitoring of identity-document use are the most effective defences.
For investors and corporates with operations in Argentina, the case underlines the importance of vendor due-diligence on identity-verification suppliers. Several of the records reportedly resold by the ring would have made downstream KYC compliance unreliable for any business that purchased them as a fraud-prevention tool.
How many people were detained?
Seven, including five men, one woman, and a 15-year-old. The investigation took seven months and involved 11 raids across Buenos Aires province and the city of Paraná in Entre Ríos.
Which Argentine databases were breached?
The RENAPER national ID registry, the PAMI healthcare programme, the DNRPA vehicle and property registry, the SISA health-information system, and the Mi Argentina platform. Criminal records were also among the data sold.
What did the buyers use the data for?
Scams, extortions, threats, and identity fraud, according to the federal investigation. The Mi Argentina credentials let downstream criminals impersonate citizens across multiple state services from a single login.
For more on Argentine institutional news, read our piece on CAEME’s $8bn pharma research pledge. For broader regional security context, see our coverage of Brazil’s F-39 Gripen joint exercise.
The Rio Times — Saturday, May 30, 2026 — 03:00 BRT — By Juan Martinez