Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

A Cybersecurity Catastrophe: Puerto Rico's Folly with Social Security Numbers


Puerto Rico's government agency exposed approximately 1 million Social Security numbers due to a cybersecurity loophole in its mapping service, highlighting concerns about the island's cyber resilience. Despite repeated denials from CRIM, experts stress the importance of employee training and multifactor authentication to prevent similar breaches in the future.

  • The Puerto Rico Government Agency (CRIM) suffered a massive cyberbreach that exposed Social Security numbers of approximately 1 million individuals.
  • A simple website request loophole allowed hackers to download unprotected personal data, including Social Security numbers.
  • Despite being notified by investigative journalists, CRIM repeatedly denied any issues with its system.
  • Puerto Rico approved a comprehensive cybersecurity law, Act 40, in 2024, but experts warn that agencies have failed to fully implement security standards.
  • The breach highlights the importance of robust cybersecurity measures and prioritizing the security of personal data.


  • Puerto Rico has recently faced a daunting cybersecurity challenge that exposed the sensitive information of approximately 1 million individuals, with the government agency responsible for collecting property taxes playing a pivotal role in this debacle. The breach was uncovered by investigative journalists from Centro de Periodismo Investigativo and ProPublica, who discovered that the Puerto Rico Government Agency had inadvertently made Social Security numbers accessible through its Catastro Digital mapping service.

    The Catastro Digital platform provides crucial information about every registered property on the island, including size, boundaries, tax assessment, sale price, and owner's name. While a simple search of the map wouldn't reveal sensitive information, anyone who understands how websites request data could download unprotected personal information such as Social Security numbers without a username or password. The cybersecurity loophole in the official government mapping service left private data easily accessible.

    The news organizations were able to verify the security hole and provided the agency, known by its Spanish initials, CRIM, with a detailed description of the issue that included the specific server and folders that contained the compromised data. Despite this notification, CRIM repeatedly denied there were any problems with its system, sparking controversy and concern over the government's handling of the situation.

    In light of the recent breach, Puerto Rico lawmakers in 2024 approved a comprehensive cybersecurity law, Act 40, which mandated all government agencies implement minimum cybersecurity standards and principles. However, experts have pointed out that agencies have failed to fully implement these security standards, despite the increasing frequency and sophistication of cyberattacks. The government would be better off focusing on employee training and implementing tools like multifactor authentication on the front end, according to cybersecurity expert Carlos Pérez.

    The recent breach raises concerns about the proliferation of private companies selling Puerto Rico real estate information obtained from public databases such as Catastro Digital. Any of these companies could have accessed the sensitive data, including personal information. It is essential for government agencies like CRIM to prioritize cybersecurity and ensure that their systems are secure and protect the sensitive information they handle.

    In conclusion, Puerto Rico's recent cybersecurity lapse highlights the importance of robust cybersecurity measures in protecting sensitive information. The incident serves as a reminder that government agencies must prioritize the security of personal data and implement adequate cybersecurity protocols to prevent such breaches in the future.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Cybersecurity-Catastrophe-Puerto-Ricos-Folly-with-Social-Security-Numbers-ehn.shtml

  • https://www.propublica.org/article/puerto-rico-crim-data-breach

  • https://files.gao.gov/reports/GAO-26-107225/index.html


  • Published: Thu Jul 9 04:46:00 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us