What Happened
In March 2026, Colombia’s national tax authority, DIAN (Dirección de Impuestos y Aduanas Nacionales), suffered a cybersecurity incident involving unauthorized access to personal data on its appointment scheduling subdomain, agendamiento.dian.gov.co, developed by third-party provider CIEL Ingeniería. A hacker using the alias ArcRaidersPlayer claimed responsibility on March 2, 2026, alleging the exploitation of a long-known vulnerability and offering a 16GB database—potentially containing up to 18 million records with names, ID numbers, emails, phone numbers, and other personal details—for sale on BreachForums for $2,000 USD. DIAN confirmed the external attack on March 6, 2026, stating that taxpayer financial/aduanera data, passwords, and credentials remained secure, promptly disabling the system, activating incident protocols, filing a criminal complaint for extortion with the Fiscalía General de la Nación, and reporting to the Superintendencia de Industria y Comercio, while in-person services at 56 offices continued uninterrupted. No official verification of the leak’s full scope has been issued, though experts warn of risks like identity theft and phishing if authentic.
