- The Civil Registry denied a massive data leak and any breach of its systems.
- The alert was issued by the cybersecurity portal VECERT, which reported up to 10 million affected users.
- The cybersecurity areas of the service, ANCI and PDI analyzed the incident and ruled out risks.
- The institution reaffirms its commitment to the protection of personal data and the security of its platforms.
The Civil Registry and Identification Service addressed the doubts that have arisen in recent days and He categorically denied having suffered a massive leak of personal data as a result of an alleged computer attackThe agency responded to a cybersecurity alert that raised concerns about millions of potentially affected citizens.
The controversy erupted after the website specializing in threat intelligence VECERT made public a complaint regarding the alleged exposure of information belonging to nearly 10 million peopleFollowing a joint technical analysis with the relevant authorities, the Civil Registry confirmed that there is no evidence of intrusions or unauthorized access to its institutional databases.
The origin of the cybersecurity alert
The controversy began when VECERT shared on its social media and platforms a report dated December 15, 2025 in which it warned of a suspected massive leak affecting the Civil Registry. According to that report, a threat agent identified as BreachLabs He would have gained access to sensitive identification data, potentially compromising millions of citizens.
In the publication, the site described that the The information allegedly obtained would include personal records. which, if authentic, could facilitate fraud, identity theft, or other crimes associated with misuse of private dataThe message quickly went viral on X and other channels, generating concern among users and cybersecurity professionals.
Given the magnitude of the figures and the tone of the alert, various voices in the digital sphere began to demand public explanations. The National Cybersecurity Agency (ANCI) She was immediately notified of the situation and, as she later confirmed, forwarded the information to the Civil Registry at the beginning of that same week so that the procedures could be activated. established protocols.
The fact that there was talk of around 10 million potential victims This raised concerns, as such a breach would have a significant impact on public trust and the image of the public administration regarding data protection.
Official response from the Civil Registry
Following the release of the VECERT report and its impact on the media and social networks, the Civil Registry issued a public statement in which he categorically rejected the existence of a massive leak or any breach of its institutional systems. The institution clarified that the data mentioned in the alert does not match the data it manages in its registry databases.
In that statement, the agency specified that The information disseminated “does not correspond to information, data or parameters used by the Civil Registry and Identification Service” in their registration or identification databases.” In other words, the alleged leaked records would not conform to the technical schemes or formats with which their systems operate.
The service further explained that the notification was analyzed in a timely manner by its own cybersecurity areasIn coordination with ANCI and the Cybercrime Unit of the Chilean Investigative Police (PDI), all these entities reviewed the content of the alert and compared the data with official systems to rule out a real incident.
At the end of that technical review, the Civil Registry was emphatic: No intrusion into their platforms or unauthorized access to their databases has been detected.According to the statement, there are also no signs of a successful attack resulting in the exposure of citizens' personal information.
The institution took the opportunity of its message to emphasize that Their systems remain operational and under constant monitoring., and that its security mechanisms continue to operate in accordance with current protocols to prevent and manage potential cyberattack attempts.
Actions taken by ANCI and PDI in response to the alleged leak
Beyond the response from the service itself, the situation triggered the participation of the National Cybersecurity Agency and the specialized units of the PDIBoth bodies are part of the usual coordination channels for potential incidents affecting public bodies and critical infrastructure.
According to details provided by the Civil Registry, The alert was forwarded in accordance with cybersecurity protocols. that govern this type of incident. ANCI and the Cybercrime Unit of the Investigations Police evaluated the background information shared by VECERT, reviewed the technical evidence, and collaborated with the service's internal analysis.
Sources consulted in the context of this situation indicated that, since it involved a potential ongoing threatThe specialized agencies declined to provide further details while the necessary checks were carried out. However, the results of these assessments coincided with the official version from the Civil Registry: there is no evidence of an actual breach of its systems.
The line of work focused on verifying whether the alleged data in circulation were related in some way with the service's information schemes. Since no direct correspondences or technical evidence of intrusion were found, it was ultimately ruled out that the published records originated from the institutional databases.
In parallel, cybersecurity authorities are maintaining vigilance for possible new signals related to the aforementioned threat actor, BreachLabs, or with similar leaks that may affect other organizations or companies. This type of monitoring is common when campaigns or reports involving large volumes of data are detected.
Commitment to data protection and public trust
In all its public messages, the Civil Registry has insisted that The protection of personal data is a priority and that it will continue to strengthen its digital security measures. The agency noted that it handles particularly sensitive public information, which requires maintaining strict standards and reacting quickly to any alert.
The service also emphasized that it will continue collaborating with the relevant authorities to clarify any alerts that may ariseWhether at the national level or in coordination with other actors in the cybersecurity ecosystem, this cooperation, they point out, is key to reducing uncertainty when reports emerge mentioning alleged breaches with very high numbers of potential victims.
The institution took the opportunity to send a message of calm, reminding everyone that The privacy of citizens has not been compromised In this episode, and according to the analyses carried out, there is no evidence of data leaks from their systems. However, the case has once again highlighted the importance of rigorously verifying reports circulating online before accepting them as fact.
In a context where Europe and other countries are strengthening their regulatory frameworks for data protection and Cybersecurity in public servicesSituations like this show the extent to which fast and transparent communication has become central to maintaining user trust, especially when dealing with massive attacks or millions of potential victims.
With the official version now on the table and after the joint work of their cybersecurity teams, the ANCI and the PDI, the remaining scenario is one of a organization that rules out having suffered a massive leakbut at the same time acknowledges the need to remain vigilant against new threats and to react clearly whenever a report calls into question the integrity of its systems and the security of the data it safeguards.
