Mexico's Inferno Leaks: 701GB of voter data, tax records, and banking history

Seven hundred and one gigabytes. One download. Mexico's entire digital identity infrastructure.

In February 2025, a data broker called InjectionInferno posted what they called "Mexico's largest database" to the dark web. It wasn't hyperbole. The leak includes voter registration data from the INE (Mexico's electoral authority), complete banking and credit histories, SAT tax records, university transcripts, hospital and medical records, political party membership data, phone numbers, and employment histories. Everything needed to impersonate someone completely.

How one company assembled an entire country's data

Here's the chilling part: according to analysis by AutDefend, InjectionInferno didn't hack into each system individually. They're not master hackers breaking into government databases or banks. Instead, they're data brokers. Their business model is simpler and more dangerous: take old data breaches that already exist, enrich them with fresh information from other sources, package it all together, and sell complete profiles to criminal organizations.

The scary part is how easy this was. Mexico's government and private databases aren't effectively isolated from each other. Someone—whether InjectionInferno or someone they bought from—combined INE electoral data with SAT tax records with banking information. That creates super-profiles. Not just your name and phone number. Your voting history, tax status, bank balance, employer, medical conditions, and political party all in one place.

What can scammers actually do with this?

With complete profiles, the possibilities for fraud are endless. Scammers can impersonate you to banks. They can apply for loans. They can commit tax fraud. They can open accounts in your name. They know your phone number, your employer, your voting patterns—everything a social engineer needs to trick you or your bank.

But there's a bigger threat happening right now. Mexico has judicial elections scheduled for June 2025. When you combine voter registration data with phone numbers and political party affiliations, you've got the infrastructure for electoral manipulation, voter intimidation, and political extortion. Someone can call you claiming to represent your party, threaten you based on your voting history, or coordinate a disinformation campaign targeting specific voters.

What should you do?

First, assume your data is compromised. Change your passwords everywhere—especially banking and email. Check your credit reports through Inbureau or other credit monitoring services. Consider a credit freeze if you're worried about fraudulent accounts.

Second, watch your phone. Scammers now have your number, and they know details about you that make them sound legitimate. Blocking individual scam numbers doesn't work anymore—they rotate through thousands of spoofed numbers every day. Be skeptical of any unsolicited call, even if they know your name, employer, or recent transactions.

Third, stay alert to identity theft. Monitor your bank statements weekly. Set up fraud alerts with your banks. Check your tax records periodically to catch anyone filing fraudulent returns in your name.

The Inferno Leaks isn't just a data breach. It's proof that Mexican institutions aren't protecting citizen data the way they should. Your complete identity is out there. The best defense right now is to be paranoid about who you trust with your information and how.