Banco Vimenca, WIRED, and Government Data Leaks Surface on Dark Web

SOCRadar’s Dark Web Team identified several high-profile data leak claims this week, including alleged exposures affecting Banco Vimenca, WIRED subscribers, Mexico’s Tax Administration Service (SAT), and New Zealand-based social platform Neighbourly. The posts referenced ransomware-linked publication, large-scale subscriber data, government financial records, and extensive user communications. All information is derived from threat actor statements and observed listings, and remains unverified at this stage.

Receive a Free Dark Web Report for Your Organization:

The Alleged Database of Banco Vimenca is Leaked

The SOCRadar Dark Web Team has detected a new claim of a massive data leak targeting Banco Vimenca. Threat actors have announced that the full set of the bank’s confidential data has been released on an Onion (TOR) blog. The breach reportedly includes over 190,000 scanned identification cards belonging to active customers, posing a significant privacy issue. The leaked dataset is allegedly not limited to personal IDs; it also encompasses corporate documents such as annual reports, financial statements, and confidential contracts with partners, revealing sensitive business relationships intended to remain private.

Upon further investigation, it was determined that the TOR blog mentioned by the threat actor belongs to the LeakNet ransomware group, which had previously added the company to its victim list on December 17. A review of the threat actor’s historical activity on the hacker forum reveals a pattern of sharing direct links to this specific group’s blog. This behavior suggests that the actor may be reposting the incident to boost their own popularity and reputation within the forum, or the ransomware group itself is utilizing the forum to advertise the breach and attract renewed attention to the leak.

The Alleged Database of Wired is Leaked

The SOCRadar Dark Web Team has detected a significant data leak affecting approximately 2.3 million subscribers of WIRED magazine, a publication under the Condé Nast media conglomerate. Initial indications of this breach were identified by SOCRadar’s Dark Web Monitoring systems on December 20, 2025, with the incident reportedly stemming from a broader compromise of the company’s shared account infrastructure.

A threat actor operating under the alias “Lovely” claimed responsibility for the leak, stating that the data was released in retaliation after the company failed to respond to multiple vulnerability reports. The actor has further threatened to release additional datasets affecting more than 40 million Condé Nast users in the coming weeks.

Analysis of the shared screenshots and structured JSON files suggests the breach was not caused by third-party scraping, but rather by Broken Access Controls and Insecure Direct Object Reference (IDOR) vulnerabilities within Condé Nast’s centralized identity platform. These flaws allegedly allowed attackers to iterate through user IDs and extract profile data via server-side authorization failures.

While there is no evidence that passwords or payment card information were included, the leaked dataset contains significant Personally Identifiable Information (PII):

• Email Addresses: Approximately 2.3 million records.
• Full Names: Around 285,000 entries.
• Home Addresses: Over 102,000 records.
• Phone Numbers: Over 32,000 records.
• Metadata: User IDs and account timestamps.

The Alleged Data of a Mexican Tax System are on Sale

The SOCRadar Dark Web Team has detected a new listing targeting Mexico’s Tax Administration Service (Servicio de Administración Tributaria, SAT). A threat actor claims to have exfiltrated approximately 120,000 XML invoices from 2025 by exploiting a vulnerability in the Zuul microservices gateway, which they assert remains active.

The leaked dataset allegedly contains sensitive financial and personal information for both individuals and companies, including bank account numbers, names, addresses, emails, and tax obligations. The actor states that the data has been cross-verified against the official government portal using the extracted Taxpayer IDs (RFCs).

The Alleged Database of Neighbourly is on Sale

The SOCRadar Dark Web Team has detected a new listing targeting Neighbourly, New Zealand’s largest private social network. A threat actor claims to have put a massive 150 GB database up for sale, allegedly containing over 213 million lines of data. According to the actor’s description and provided samples, the breach exposes extensive Personally Identifiable Information (PII) and sensitive communications, including full names, emails, phone numbers, physical addresses, GPS coordinates, and verified Neighborhood IDs. Additionally, the dataset reportedly contains private messages, forum posts, biographies, and account metadata such as registration timestamps and verification status.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.