Taxes Software Argentina, a Buenos Aires-based tax management software provider, has allegedly been compromised, exposing its internal infrastructure and the sensitive data of hundreds of its clients. The incident was reportedly carried out by a threat actor who claims to have exploited a misconfigured Nginx server and an exposed Laravel storage directory. The breach severely impacts 440 client companies and includes highly sensitive identified government entities, such as the Ministry of Finance (Direccion de Administracion del Ministerio de Economia Hacienda y Finanzas) and the National Postal Service of Argentina (Correo Oficial de la Republica Argentina).
According to the actor, the 4.7 GB database dump contains 440 SQL files. The allegedly compromised data includes:
-
Full names of system owners and individual clients
-
CUIT (Tax Identification) numbers
-
AFIP production certificates (
cwcert.crt) and private keys (cwkey.key) -
Administrative privileges capable of signing electronic tax documents, issuing electronic invoices, and submitting declarations to AFIP
-
Extensive financial records and system timestamps
Daily Dark WebRead More
R1
T1
