Data leak at Mexican state power utility exposed national grid to potential cyber threats

Sensitive network and security logs belonging to Mexico’s state-owned Federal Electricity Commission (CFE) were exposed online for more than three years, potentially putting the country’s power supply at risk, researchers at Cybernews revealed.

The publicly accessible database, a Kibana instance managed by Mexican cybersecurity firm Teliko, contained over 600 gigabytes of network and threat alert logs linked to CFE, which supplies electricity to more than 99 percent of Mexico’s population. According to Cybernews, the information could have allowed malicious actors to map the utility’s infrastructure, identify weak points, and launch targeted attacks capable of disrupting power generation or distribution nationwide.

Researchers said the leaked data, first indexed in November 2021, originated from AIsaac, a Managed Detection and Response system used by CFE. The logs included lists of vulnerable devices, servers, and services. Such details could enable attackers to bypass defenses, gain access to critical systems, and manipulate industrial control equipment, potentially causing physical damage or shutting down essential services.

The exposure also raises privacy concerns. The logs reportedly contained detailed records of employee internet activity that could be exploited for spear-phishing campaigns, using look-alike domains and spoofed communications to compromise internal accounts.

Cybernews said it attempted to alert CFE over the past five months, sending 29 emails without receiving a response. The exposed Kibana instance now appears to be offline, but researchers warned that without proper remediation, the sensitive logs could reappear online.