The Farmacias Salcobrand data breach has resurfaced on dark web forums, exposing the personal details of more than 715,000 Chilean customers. While this is not a new hack, the reappearance of the data in 2025 renews the threat of identity theft, targeted phishing, and financial fraud for those affected.
Background of the Breach
Cybersecurity researchers recently discovered a hacker forum listing that advertises a CSV database allegedly sourced from Farmacias Salcobrand, one of Chile’s largest pharmacy chains. The file contains 714,883 customer entries and confirms that the information was originally stolen around January 2021. The database has quietly circulated in private cybercrime markets for years but is now being resold to a wider audience, giving new attackers access to verified personal data.
Although the stolen data is several years old, it includes identifiers that never change. Victims remain at risk because national identification numbers and personal details can be reused for years in identity fraud operations and phishing campaigns.
Data Exposed in the Farmacias Salcobrand Breach
The leaked dataset contains a full set of personal and national identification data. Each record reportedly includes the following details:
- Full names and surnames
- Gender and date of birth
- RUT (Rol Único Tributario), Chile’s national identification number
- Email addresses and other contact information
- Purchase preferences and transaction details related to pharmacy orders
This combination of verified names, RUT numbers, and contact details forms a complete identity kit. Cybercriminals can use this data to impersonate victims, open fraudulent accounts, or carry out sophisticated social engineering scams that exploit trust in a well-known brand like Farmacias Salcobrand.
Why the Risk Remains Severe
While the breach originally occurred in or before 2021, the danger has not diminished. National IDs, dates of birth, and names are static pieces of data that cannot be changed, meaning the risk of misuse continues indefinitely. The re-emergence of this information in 2025 allows new cybercriminal groups to exploit it again for scams, impersonation, and credit fraud.
Attackers may use the exposed information to create realistic phishing messages in Spanish that appear legitimate to victims. The fact that the leaked data originated from a pharmacy adds another layer of concern, since health-related purchase data can be abused to craft personal and believable scams.
Examples of Potential Scams
Security analysts have already identified likely attack scenarios that could follow this breach. Because the database includes health and purchase data, these scams can be tailored to individual victims with alarming accuracy:
- Prescription scam: “Hello [Victim Name], there is an issue with your prescription at Salcobrand. Please confirm your RUT and payment details to complete your order.”
- Health benefit scam: “Hello [Victim Name], you are eligible for a government health benefit based on your purchase history. Please verify your RUT and bank details to claim it.”
These scams work because they combine real names, accurate data, and familiar services, which make them appear authentic. Victims may be tricked into providing financial information or verification codes that can lead to identity theft and stolen funds.
Legal and Regulatory Impact
This incident violates Chile’s Law 19.628 on the Protection of Private Life, which regulates the handling of personal and sensitive data. The renewed circulation of this information raises new compliance questions for Farmacias Salcobrand and could prompt investigations by Chilean authorities, including the Agencia de Acceso a la Información Pública (AAIP) and the SERNAC consumer protection agency.
Experts in cybersecurity emphasize that companies managing national IDs and health-related data must adopt strong encryption, limited retention periods, and continuous monitoring to prevent old data from reappearing. Without these measures, even outdated breaches can resurface and cause harm years later.
Recommended Actions for Farmacias Salcobrand
Since this is a re-circulated database rather than a new intrusion, the company’s focus should be on damage control, customer protection, and renewed transparency. Immediate steps should include:
- Publishing a new public statement acknowledging that the 2021 breach data is actively circulating again.
- Enforcing multi-factor authentication (MFA) for all online customer accounts.
- Implementing advanced dark web monitoring to detect new leaks or fraudulent use of the stolen data.
- Collaborating with regulators to ensure compliance and demonstrate a commitment to data protection.
- Providing ongoing updates and phishing awareness education to all customers.
What Chilean Customers Should Do
Customers affected by the Farmacias Salcobrand data breach should treat any message referencing their personal data with caution. Criminals may use this information to launch targeted attacks for years to come.
- Be skeptical of any calls, emails, or messages that request your RUT, payment details, or verification codes.
- Monitor financial accounts regularly and check credit reports through Chilean services like Dicom to detect fraudulent activity.
- Update passwords across all online platforms and avoid reusing old credentials.
- Use reputable anti-malware tools and enable real-time protection against phishing or spyware.
- Stay informed through trusted data breach reports and news sources for ongoing updates.
The Farmacias Salcobrand data breach highlights the long-lasting danger of exposed identity data. Even after several years, re-leaked information can fuel new waves of scams and identity fraud, reinforcing the need for both corporate accountability and public vigilance.
