PAMI And RENAPER Hackers Detained In Argentina Police Op

(MENAFN- The Rio Times) ARGENTINA · CYBERSECURITY

Saturday, May 30, 2026 - 03:00 BRT - By Juan Martinez

Key Facts

- The operation: Argentina's federal police detained seven people after a seven-month investigation into a hacker ring selling stolen citizen data on Telegram.

- The arrests: Five men, one woman and a 15-year-old were detained, with 11 raids carried out in Buenos Aires province and in Paraná.

- The targets: The ring stole data from the RENAPER national ID registry, the PAMI healthcare programme for seniors, the DNRPA vehicle registry, the SISA national health system, and the Mi Argentina platform.

- The distribution: Stolen data was sold through Telegram channels using automated bots, with proceeds laundered via cryptocurrency wallets and a network of digital mules.

- Latin American impact: The case is one of the largest state-data breaches uncovered in Latin America and shapes the regulatory conversation across the region.

Argentina's federal police announced this week the detention of seven people involved in a hacker ring that stole and sold citizen data from the country's national ID registry, healthcare system and other public databases. The operation followed a seven-month investigation and included 11 raids across Buenos Aires province and Entre Ríos. The PAMI and RENAPER hackers had been distributing the stolen records through Telegram channels and laundering proceeds through cryptocurrency.

How the PAMI and RENAPER hackers operated

The Policía Federal Argentina announced the operation on Thursday after raids carried out the previous day. The investigation started in October 2025 under federal prosecutor Ramiro González of the Fiscalía Nacional en lo Criminal y Correccional Federal No 7, which since then had been monitoring an organisation suspected of computer crimes.

The federal judge handling the case is Sebastián Roberto Ramos of the Juzgado Criminal y Correccional Federal No 9. Ramos ordered the 11 raids carried out across the towns of Alejandro Korn, Bosques, Luis Guillón, and José C. Paz in Buenos Aires province, plus a search in the city of Paraná in Entre Ríos.

Investigators seized computers, hard drives, mobile phones and cryptocurrency wallets during the raids. The defendants face charges of unauthorised access to computer systems, theft of state information, and money laundering through digital assets.

What data the PAMI and RENAPER hackers stole

The ring accessed five sets of state databases. The first was the Registro Nacional de las Personas, known as RENAPER, which holds Argentine national identity documents and is the primary identity-verification source for the country's civilian population.

The second was the Programa de Asistencia Médica Integral, PAMI, the federal health programme that serves more than 5 million Argentine retirees and pensioners. Access credentials for the PAMI portal were among the items being sold.

The other three databases were the DNRPA vehicle and property registry, the SISA national health-information system that holds clinical histories, and the Mi Argentina digital identity platform, which most adult Argentines use to access state services. Criminal records were also obtained.

Live Market IntelligenceArgentina - Live Market BoardInside: market breadth, the sector heatmap, currencies & rates, the Latin America scoreboard and the full instrument board.

Rio Times · Live Market Intelligence

Argentina - Live Market Board

BYMA · Buenos Aires
May 30, 2026 · 05:25

S&P MERVAL · benchmark 3,166,407
+2.49% L 3,082,367day rangeH 3,175,353

+37.19% over 12 months

Market breadth · 14 names 100% advancing

14 ▲ advancing0 declining ▼

Currencies, rates & key inputs USD / ARS 1,409 -0.07%

Brent crude 91.12 -2.76%

Soybeans 1,187 -0.65%

Sector heatmap · average move today Telecom +5.55% TELECOM ARG

Utilities +3.30% PAMPA, CEPU

Mining +3.28% TXAR

Financials +3.26% GGAL, COME, BYMA

Materials +1.95% ALUAR, LOMA NEGRA

Technology +1.25% GLOBANT

Energy +0.85% YPF, TGS

Consumer Disc. +0.53% MIRGOR, MERCADOLIBRE

Latin America scoreboard IndexLastTodayStrength IbovespaBrazil
173,787
-0.73%

S&P/BMV IPCMexico
68,588
-0.40%

S&P IPSAChile
10,788
-1.00%

S&P MERVALArgentina
3,166,407
+2.49%

MSCI COLCAPColombia
2,176.90
-0.26%

BVL S&P PerúPeru
34,836.62
+0.71%

Full instrument board

Instrument	Last	Change	YoY	Prev.	High	Low	Volume
MERVAL	3,166,407	+2.49%	+37.19%	3,089,497	3,175,353	3,082,367	-
USD/ARS	1,409	-0.07%	+21.40%	1,410	1,412	1,400	-
YPF	78,350	+1.65%	+80.11%	77,075	78,700	76,900	256,368
GGAL	7,495	+3.59%	+7.69%	7,235	7,540	7,200	5,537,445
PAMPA	5,095	+2.16%	+35.83%	4,988	5,110	4,920	1,538,675
TXAR	692.50	+3.28%	-3.01%	670.50	696.00	661.50	1,288,902
ALUAR	1,019	+1.39%	+22.04%	1,005	1,021	992.00	811,629
TGS	9,135	+0.05%	+31.63%	9,130	9,215	8,950	411,842
CEPU	2,356	+4.43%	+45.43%	2,256	2,375	2,223	1,260,212
MIRGOR	16,950	+1.04%	-25.66%	16,775	17,125	16,750	5,556
COME	49.36	+4.82%	-30.44%	47.09	51.80	46.11	22,829,397
LOMA NEGRA	3,593	+2.50%	+15.14%	3,505	3,620	3,483	466,091
BYMA	296.75	+1.37%	+33.78%	292.75	298.00	290.50	3,831,730
TELECOM ARG	4,328	+5.55%	+79.56%	4,100	4,465	4,125	389,007
GLOBANT	40.43	+1.25%	-58.85%	39.93	41.11	38.92	1,597,927
MERCADOLIBRE	1,696	+0.01%	-33.85%	1,696	1,707	1,679	755,807

Largest moves today TELECOM ARG
4,328
+5.55% COME
49.36
+4.82% CEPU
2,356
+4.43% GGAL
7,495
+3.59% TXAR
692.50
+3.28% LOMA NEGRA
3,593
+2.50% MERVAL
3,166,407
+2.49% PAMPA
5,095
+2.16%

The session read The S&P MERVAL rose 2.49%, with breadth positive - 14 of 14 names higher. Telecom led, while Consumer Disc. lagged.

From The Rio Times

Related coverage · 30 May 2026 Chile's Stock Market Falls 1% as the Decoupling Breaks

Read →

How the PAMI and RENAPER hackers monetised the data

The ring sold the stolen data through Telegram channels, where automated bots handled customer requests for specific records. Prices were set by record type and freshness, with full identity packages priced higher than individual data points.

Buyers used the records to commit scams, extortions, threats, and identity fraud, according to the investigation. The Mi Argentina credentials were particularly valuable because they let downstream criminals impersonate citizens across multiple state services from a single login.

Proceeds moved through virtual wallets and cryptocurrency platforms. Some of the defendants acted as digital mules, receiving incoming payments and redistributing them across multiple wallets to obscure the trail. The investigation linked the group to a transnational criminal organisation that the same prosecutor's office had dismantled in October 2025.

The PAMI and RENAPER hackers in Argentine context

Argentine state databases have faced repeated cybersecurity scrutiny. The RENAPER itself was compromised in 2021 in a separate incident, when an alleged leak exposed national identification records for several thousand Argentine citizens. The 2026 case is the largest such operation since.

The Mi Argentina platform handles digital identity for around 30 million users and is the federal government's single-sign-on layer for benefits, tax services and document requests. PAMI's data exposure carries direct medical-privacy implications for one of the country's most vulnerable populations.

Argentina's federal data-protection authority, the Agencia de Acceso a la Información Pública, is expected to open an administrative track parallel to the criminal case. Findings on database-level access controls and patching schedules will determine whether sanctions extend to the affected agencies.

What the PAMI and RENAPER hackers case means for the region

Brazilian, Chilean and Mexican data-protection authorities watch Argentine cases closely, since identity-fraud rings often operate cross-border. The Buenos Aires investigation revealed Telegram-bot distribution models that are already known to law enforcement in Brazil's Federal Police and Chile's Ministerio Público.

For citizens in the region, the practical advice from federal investigators remains consistent. Two-factor authentication, careful response to unsolicited verification requests, and regular monitoring of identity-document use are the most effective defences.

For investors and corporates with operations in Argentina, the case underlines the importance of vendor due-diligence on identity-verification suppliers. Several of the records reportedly resold by the ring would have made downstream KYC compliance unreliable for any business that purchased them as a fraud-prevention tool.

Frequently Asked Questions

How many people were detained?

Seven, including five men, one woman, and a 15-year-old. The investigation took seven months and involved 11 raids across Buenos Aires province and the city of Paraná in Entre Ríos.

Which Argentine databases were breached?

The RENAPER national ID registry, the PAMI healthcare programme, the DNRPA vehicle and property registry, the SISA health-information system, and the Mi Argentina platform. Criminal records were also among the data sold.

What did the buyers use the data for?

Scams, extortions, threats, and identity fraud, according to the federal investigation. The Mi Argentina credentials let downstream criminals impersonate citizens across multiple state services from a single login.

Connected Coverage

For more on Argentine institutional news, read our piece on CAEME's $8bn pharma research pledge. For broader regional security context, see our coverage of Brazil's F-39 Gripen joint exercise.

The Rio Times - Saturday, May 30, 2026 - 03:00 BRT - By Juan Martinez

Read More from The Rio Times

Rosario Opens 31st Latin American Film Festival Through June 6 Pharma Multinationals Pledge $8bn Argentina Research Amid Patent Split Argentina's Stock Market Surges Within 4% of the All-Time High

MENAFN30052026007421016031ID1111186249