The institution activated protocols after detecting a vulnerability
The National Tax and Customs Directorate (DIAN) launched a technical investigation to determine whether one of its digital platforms was compromised and whether a leak of user information may have occurred. The alert originated during the night of March 3, when the entity activated its institutional protocol for managing cybersecurity incidents. From that moment, technical reviews began to identify possible unauthorized access or anomalies within its technological systems.
According to the institution, the verification process is being carried out with the support of cybersecurity specialists and the technology provider responsible for managing the appointment scheduling platform. Internal Information Security teams, together with Innovation and Technology departments, began analyzing activity logs and potential vulnerabilities in order to determine the origin of the incident and establish whether unauthorized access to stored information occurred.
Reports point to possible exposure of data from millions of users
Several reports published by cybersecurity portals indicated that the alleged breach could be related to the digital platform used to schedule appointments with the institution. According to national media reports, the information that may have been obtained could correspond to data from approximately 18 million taxpayers.
Among the data that may have been exposed are elements such as names, identification numbers, phone numbers and email addresses associated with records stored in the system.
Some reports also indicate that the vulnerability that may have allowed access to the information had previously been reported during 2025. However, authorities continue conducting technical verifications to confirm the exact origin of the incident and determine the real scope of what happened. For now, the investigation seeks to establish whether a leak actually occurred from the entity’s systems or whether the information could come from another source.
Protect your logistics chain with expert customs advice. Avoid risks and ensure compliance.
DIAN temporarily disabled its appointment system
As a preventive measure while investigations continue, DIAN decided to temporarily suspend the operation of its online appointment scheduling system. The decision was made as part of the security protocols implemented by the entity when potential incidents are detected in its technological platforms.
Despite the suspension of the digital system, the institution reported that in-person assistance remained available in different offices across the country. Between March 3 and March 4, more than 11,500 citizens were assisted at 56 contact points enabled to ensure continuity of procedures.
The measure aims to reduce risks while the involved systems are reviewed and technical analyses are carried out to determine the magnitude of the incident.
Incident reported to cybersecurity authorities
DIAN also reported the incident to Colombia’s Cyber Emergency Response Group (ColCERT), the organization responsible for coordinating responses to cybersecurity incidents at the national level. With the support of this entity, technical analysis is being conducted to identify possible vulnerabilities, review affected systems and strengthen protection mechanisms for digital infrastructure.
During the first hours after the alert, the institution stated that it deployed its technical and operational capabilities to analyze the situation and protect both institutional information and citizen data. Investigations are ongoing to determine exactly what happened, how the breach may have occurred and whether a data leak actually materialized.
Protect your logistics chain: compliance and security guaranteed.
Security recommendations for users
Following the possible incident, the institution also issued recommendations for users of its digital platforms in order to strengthen personal data protection.
Suggested measures include:
- Periodically changing passwords used on digital platforms
- Avoiding sharing credentials or sensitive information through unofficial channels
- Being cautious of messages, emails or phone calls requesting personal information in the name of the institution
- Verifying the authenticity of received communications
DIAN also reminded citizens that its official communications include a QR code that allows verification of the sender’s authenticity.
Possible operational implications of the incident
The following section corresponds to interpretative analysis based on the information available in the news reports and does not constitute confirmed facts or definitive conclusions. When technological incidents occur within institutional platforms, authorities may adopt temporary security measures that lead to adjustments in some digital services or service channels. In scenarios like this, processes that depend on technological platforms may experience operational changes while technical verifications are carried out and security systems are reinforced.
Ongoing investigations will determine the real scope of the incident and the measures that may later be adopted to strengthen the protection of the institution’s digital systems.
Anticipate changes: strengthen your customs operation with expert advice.
- DIAN en alerta por posible hackeo y fuga de información; se deshabilitaron algunos servicios
- Vulnerabilidad habrÃa causado una filtración de más de 18 millones de datos de la DIAN
- Hackers se habrÃan robado los datos de 18 millones de colombianos: vulneraron la plataforma de citas de la Dian, según publicación especializada en cÃberseguridad
- Lo que se sabe sobre supuesto hackeo a la Dian, con el que estarÃan vendiendo datos confidenciales de millones de colombianos: esto dijo la entidad
- La Dian investiga alerta de ciberataque y presunto robo de datos de 18 millones de personas
