He Ministry of Defense National confirmed that an external group managed to breach the portal of the General Directorate of Arms and Ammunition Control (Digecam)after a computer attack which lasted for approximately 13 hours. During that time, security systems failed to prevent the information extraction.
Although the incident was initially denied, a preliminary report confirmed that there was improper access to the systems, which is now investigated by the Public Ministry.
Given the uncertainty over the scope of the attack, Free press consulted the cybersecurity expert Melinton Navas to explain the real risks of data breaches to users.
RELATED READINGS
1. How did the attack occur?
The attack began on April 7 at 3 hours and, according to the authorities, consisted of the saturation of the system – known as denial of service (DDoS) attack— with the aim of opening an access gap.
According to the official version, the system resisted for several hours; However, the attackers managed to obtain access credentials. Later, they installed an automated program (bot) that allowed the extraction of more information.
#PressRelease | Ministry of National Defense informs the Guatemalan population: ⬇️ pic.twitter.com/oRJAMsQPMh
— Guatemalan Army (@Ejercito_GT) April 10, 2026
2. What will happen to the affected users?
The authorities indicated that the compromised records will be canceled to avoid improper use of the leaked information. In addition, they will be issued new weapons licenses free of charge.
In cases where the records have been violated, Digecam will directly contact the affected users.
3. Was it a hack or just a saturation?
Melinton Navas explains that, although both are cyber attacksthey are not the same.
A denial of service attack seeks to disable a system (for example, making the page unavailable to real users), while a hacking involves unauthorized access for purposes such as steal informationmodify it or destroy it.
RELATED READINGS
4. Is there always information theft?
Not necessarily. According to the expert, when an institution recognizes that it was violated, this does not automatically imply that there was data theft.
However, he clarified that in most cases the objective is usually the information theft.
5. Risks of leaks, even if the data is “public”
The Digecam authorities explained that the information that was had extracted was public and not sensitive.
In that sense, Navas warns that, although some of the information may be considered publicthere is a risk when extracting complete databases.
This is because the attackers can correlate data -as names, identifiers and characteristics— to build more complete user profiles.
In the case of Digecam, the information about weapons licenses could function as a sensitive identifier.
6. How secure are encrypted passwords?
The expert explains that passwords are usually stored using hash functions, which transform the text into an irrevertible string.
However, not all algorithms are equally secure. Some, such as MD5, are already considered obsolete and can be compromised relatively easily.
7. Human or technical failure?
For Navas, this type of attacks is usually more related to the human factorwhich continues to be the weakest link in computer security.
Errors like weak passwords, incorrect settings either fall for phishing attacks They are more common than direct exploitation of technical flaws in systems.
8. What are attackers looking for?
As he has seen in similar cases, the cybersecurity expert comments that the motivations can vary: from economic interests to political or social contexts.
However, Navas explains that, In many cases the objective is to sell the information obtained or use it for access other accounts.
Someone entered the Digecam databases, copied 30GB containing a) the database of 21.7k users (including hashes), b) the database of 62k weapons, and c) 52.5k certificates in PDFs.
All system users had their passwords changed. pic.twitter.com/ZzrNieMcPz— 👨🏻💻 Luis Assardo (@luisassardo) April 10, 2026
9. Why cancel registrations and issue new licenses?
Pamela Figueroaspokesperson for the Ministry of Defense, explained that the Licenses linked to affected records will be canceled and replaced at no cost.
In this regard, from a cybersecurity perspective, Navas comments, this measure suggests that Compromised data could have been exposed in its entiretysince the objective is to make the leaked information obsolete.
However, the expert warns that This action involves risks If not implemented correctly, it could cause both operational problems and additional risks for users.
“If there are old systems or databases that are not updated, previous records could still be valid,” he explained.
10. Recommendations for users
The specialist pointed out that one of the greatest risks is in the reuse of passwords.
If a uuser uses the same password on Digecam and other platforms -as social networks or emails—attackers could try to use those credentials on other sites.
In practical terms, this means that an incident like this could lead to the unauthorized access to personal accounts such as Facebook, Instagram or other digital services.
“Many times people use the same password on different portals. If that password is leaked, attackers can try it on other platforms and compromise more accounts,” he explained.
Therefore, one of the main recommendations is that, if you are a Digecam user and you use the same password on other services or platforms, change it as soon as possible.
