Dominican Republic Vaccinations

In April 2024, the Ministry of Public Health and Social Assistance of the Dominican Republic experienced a cyberattack that compromised over 8,000 files containing COVID-19 vaccination records. The exposed data included sensitive personal information such as names, phone numbers, and addresses of vaccinated individuals. The breach was attributed to inadequate antivirus protection on the Ministry's computers, which left them vulnerable to malware attacks. Investigations led by the National Police traced the breach to a specific IP address; however, identifying and apprehending the perpetrators remains challenging due to the sophisticated tools required to navigate the Dark Web, where the stolen data is believed to be traded. In a related incident in May 2024, a threat actor known as 'CiberInteligenciaSV' leaked the personally identifiable information (PII) of approximately 820,000 individuals from the Dominican Republic on Breach Forums. This data included National ID numbers (Cédula), names, municipalities, dates of birth, vaccination centers, number of doses received, vaccination dates, and vaccine brands administered. The source of this leak remains unclear, but overlaps with previous breaches, such as the 2022 Caribe Tours hack by Kelvin Security, have been noted. The accuracy of some leaked data has been questioned, as discrepancies were found when cross-referencing ID numbers with official government portals.

Data Included in the Breach