The Secretariat of Finance and Public Credit (SHCP) confirmed an “information security incident” at the National Commission on Insurance and Surety (CNSF), which occurred on January 30, resulting in the exposure of data contained in credentials of intermediaries in the insurance and surety sectors. According to the authorities, the compromised information is mostly of a public nature. In a statement, the CNSF reported that after detecting the event, “security and incident response protocols, as well as business continuity and contingency plans, were activated” to contain the impact and ensure the organization's operation. The commission clarified that the incident did not involve the leakage of sensitive databases of end-users, but rather documentation used to accredit individuals or legal entities operating as intermediaries in the sector. The CNSF, a decentralized body of the Secretariat of Finance and Public Credit, is responsible for supervising that insurance and surety institutions operate in accordance with the regulatory framework, preserving their solvency and financial stability. The body detailed that it continues with the processes for reviewing, approving, and issuing new credentials, while to avoid administrative impacts, “an extension of the validity of current credentials will be granted until the 28th of the present month”. As part of the subsequent actions to the incident, the commission maintains review processes to accurately determine the scope of the event and strengthen its information security systems. The CNSF also informed that it will carry out “the corresponding legal actions before the competent authorities,” considering that the facts could constitute crimes in matters of information security. Finally, the CNSF reiterated in its statement its commitment to the protection of information, as well as transparency and accountability, and indicated that it maintains communication with the corresponding instances to address the case in accordance with the applicable regulations.
