The Dominican Republic's Ministry of Public Health and Social Assistance suffered a cyberattack in April 2024 that compromised more than 8,000 files containing COVID-19 vaccination records. The threat actor, using the alias CiberInteligenciaSV, posted the stolen dataset on Breach Forums, a hacking forum known for hosting Latin American breach data. Dominican news outlet DominicanToday and security researchers at Resecurity confirmed and analysed the leak.\n\nThe published dataset covered approximately 820,000 individuals. Compromised fields included the citizen's full name and Dominican national identification number (cédula), along with vaccination-specific data including total doses received, the clinic where doses were administered, dates of vaccination, and the type of vaccine used. The dataset reportedly included records linked to vaccines from Pfizer and SINOVAC, the two principal vaccines used in the Dominican vaccination campaign. Researchers noted possible overlaps with a separate breach of Dominican tourism company Caribe Tours from 2022, although the precise origin of the SESPAS file was not definitively traced.\n\nFor affected individuals, the practical risk is concentrated in identity-fraud scenarios using the cédula as a stable government identifier. The combination of full name and cédula supports identity-verification bypass at Dominican banks, government services, and other regulated institutions. Vaccination records themselves carry less direct fraud value but contribute to medical-privacy harm and could support discrimination or targeted social engineering. Individuals whose data may have been included should remain alert to unsolicited contact referencing public-health or government services, monitor accounts at Dominican financial institutions, and request fraud alerts where available.

Vaccination-record datasets collect highly sensitive citizen identity, public-health records, vaccination status, dates, and healthcare-linked information across immunization programs.

SESPAS confirmed the cyberattack publicly in mid-April 2024 and engaged technical specialists to investigate. Dominican authorities acknowledged additional cyberattacks against government systems through 2024 and 2025, including an October 2024 breach of the country's migration system that was later linked in international reporting to a Spanish hacking operation called 'Udyat.' The Dominican Republic's data-protection framework continues to operate under Ley 172-13 of 2013, with broader legislative discussion about modernisation continuing through 2025. The COVID-19 vaccination dataset has continued to circulate on Breach Forums and other dark-web aggregators in the years since the original publication.