The BHU Data Breach

The BHU Data Breach: How Uruguay’s Digital Star Fell Victim to the Crypto24 Ransomware and 95% Weak Passwords

In September 2025, the state-owned Banco Hipotecario del Uruguay (BHU) suffered a catastrophic systems failure. While the institution quickly minimized the event as a manageable "incidente informático" or "problema técnico", cybersecurity expert Alberto Daniel Hill immediately refuted this official fiction. Hill labeled the event a "secuestro digital" and a "crisis nacional", arguing the breach was the inevitable "payment" for Uruguay's decades-long "national cyber debt".

This episode conducts a deep forensic analysis to expose the three critical layers of failure:

  • Catastrophic Data Theft: Hill confirms the breach was a sophisticated double-extortion ransomware attack by the group Crypto24. Before systems were encrypted, Crypto24 successfully exfiltrated over 700 gigabytes of highly sensitive data. This massive payload included critical client Personally Identifiable Information (PII), property titles, loan contracts, financial records, and even the bank's internal IT security configurations.
  • The 95% Vulnerability: Forensic analysis revealed that initial access was often facilitated by infostealer malware (like RedLine and Lumma) compromising end-user machines. Of 1,303 exposed user passwords linked to the BHU site, 95% were classified as weak or far too weak (including simple strings like "12345" or "bhu2020"). Hill famously compared the security of these credentials to writing them on a "servilleta mojada" (wet napkin).
  • Architectural Failure and Silence: The bank’s drastic measure of activating a total network shutdown was not performed to "protect the information" (as claimed), but was a desperate, late-stage reaction after the 700 GB theft had already been executed. This failure stemmed from a monolithic IT architecture lacking essential network segmentation, which gave Crypto24 easy lateral movement and access that could potentially compromise backups.

Hill relentlessly critiques the BHU's adoption of the "protocolo del silencio", a strategy intended to shield the bank’s image and leadership from legal sanctions. This failure to disclose the PII compromise prevents citizens from protecting themselves against massive fraud and identity theft. The ensuing public pressure led directly to the Senate formally demanding that the BHU halt penalties against affected customers.

Join Hill as he uses his unique perspective—informed by his own prior persecution by the state for ethical disclosure—to advocate for immediate legal reform, mandatory transparency, and accountability for leaders whose institutional opaqueness he argues is the true enemy of digital sovereignty.

#BHU #Crypto24 #SecuestroDigital #NationalCyberDebt #AlbertoDanielHill #Uruguay #Cybersecurity #Ransomware #PII #ProtocoloDelSilencio #WeakPasswords
