How was Mexican government data stolen?

What happened and how security experts are responding

Security researchers say a breach exposed a large trove of Mexican government records after an attacker leveraged an AI assistant as part of the intrusion. Investigations attributed to Gambit Security and reported by Bloomberg show roughly 150GB of government files were taken across incidents in December 2025 and January 2026, and that the haul included about 195 million taxpayer records.

The account links the attacker’s workflow to a widely used conversational model, which the intruder used to assist in stages of the operation. The exact technical role the model played — whether it was used to craft phishing messages, parse stolen files, automate exfiltration steps, or support another phase of the intrusion — is not fully detailed in public reporting.

Why this matters now

• Scale: The quantity of data and the inclusion of taxpayer records make this one of the more consequential government breaches in recent memory. Sensitive personal and financial details are implicated.
• Tooling shift: The episode highlights how off‑the‑shelf AI can be folded into attack chains, potentially lowering the bar for sophisticated operations.
• Policy and vendor risk: Governments and enterprises will face pressure to reassess how third‑party AI services are used within investigations and incident response, and whether contractual or technical guardrails are sufficient.

What comes next

Agencies and affected organizations will need to confirm the full scope of the leak, notify impacted individuals where required, and harden defenses against similar patterns of abuse. It’s still unclear whether the AI provider faces direct culpability or whether changes to model access, rate limits, and account monitoring will be sufficient to prevent copycat incidents. The case is a reminder that as attackers adopt new tooling, defenders must fast‑track threat modeling and controls that explicitly consider how AI can amplify malicious activity.