A recent cyberattack has compromised the security of more than 1,500 Mexican websites, including key government institutions such as the Tax Administration Service (SAT), the Federal Electricity Commission (CFE), the Banco del Bienestar (Bank of Welfare), and the Attorney General's Office (FGR). This incident puts the tax, financial, and judicial information of millions of citizens and businesses in Mexico at risk. The magnitude of the attack has raised concerns among cybersecurity experts, who warn about the vulnerability of the country's digital infrastructure.

An attack through Oracle

The attack originated from a vulnerability in Oracle cloud services, specifically on the login.us2.oraclecloud.com server. The cybercriminal, identified as @rose87168, claimed to have exploited the CVE-2021-35587 vulnerability in Oracle Access Manager, accessing six million records, including certificates and cryptographic keys. This type of vulnerability allows attackers to gain unauthorized access to protected accounts and systems, compromising sensitive data and increasing the risk of identity theft or financial fraud.

Although Oracle has denied the intrusion, specialized media and affected companies have confirmed the authenticity of the stolen data. Some experts point out that this attack could have been prevented with better security patch management and more rigorous updating of data protection protocols.

Affected Institutions and Sectors

Cybersecurity specialist Nicolás Azuara shared a list of 1,529 affected Mexican domains, covering government, educational, financial, and healthcare sectors. Among the affected entities are federal and state government agencies, universities, banks, and hospitals.

The compromised information could include tax documents, judicial databases, academic records, and credentials of millions of users. This represents a serious risk to citizen security, as the leaked data could be used for fraud, extortion, or even the manipulation of official records.

In the education sector, universities and research centers have reported leaks of personal information about students and teachers, which could lead to identity theft. In the financial sector, banks and other institutions have taken preventative measures to prevent unauthorized access to critical accounts and systems.

Mexico in the crosshairs of cybercriminals

This incident adds to a series of recent cyberattacks in Mexico. In November 2024, the SAT faced massive leaks and compromises of its systems, affecting taxpayers' ability to comply with their tax obligations. Furthermore, in January 2025, more than 570 government computers were infected with malware designed to steal passwords, compromising the security of public information.

These events demonstrate that Mexico has become a frequent target of cyberattacks. The lack of investment in cybersecurity infrastructure and the absence of strict regulations have allowed cybercriminals to continue exploiting vulnerabilities in government and private systems.

Urgency to Strengthen Cybersecurity

The magnitude of this attack highlights the urgent need to strengthen cybersecurity measures in Mexican institutions. Specialists recommend that affected organizations urgently review and update their systems, implement multi-factor authentication for critical access, and conduct periodic security audits to mitigate future risks.

Furthermore, authorities are called upon to strengthen cybersecurity legislation and allocate greater resources to protecting digital infrastructure. Collaboration between the public and private sectors will be key to improving resilience to future attacks and ensuring the information security of millions of Mexicans.

The massive Oracle hack is a reminder of the growing threat posed by cybercrime and the need to take immediate action to protect the integrity of the country's IT systems.