An unattributed threat actor has claimed to have leaked approximately 5.8 million Uruguayan citizen records — roughly 1.7 times Uruguay’s total population — suggesting cross-database aggregation from multiple government sources. The breach is unverified by CERTuy or official Uruguayan government authorities as of this bulletin date. For organizations with Uruguayan operations, vendor relationships, or employees with Uruguayan identity documentation, the downstream risk is spear-phishing campaign construction and identity fraud using the stolen PII class.