A new report by researcher and journalist Luis Assardo points out that, after the wave of cyberattacks in April 2026, some government platforms corrected flaws and improved their security, although others retreated or did not apply basic protection measures.
On April 7, 2026, the first cyber attack against the General Directorate of Control of Arms and Ammunition (Digecam). Less than a week later, Assardo conducted a scan of 134 Guatemalan government websites with the GovScan tool and determined that most lacked basic security measures.
In the days following that first analysis, new leaks and unauthorized access were recorded on State platforms, including the Your Employment portal, of the Ministry of Labor; the Ministry of Education; the University of San Carlos of Guatemala; the Rafael Landívar University, and the Ministry of Health.
Adjustments after attacks
On May 3, 2026, Assardo conducted a new analysis of state portals and found that some entities made adjustments to better protect their information. For example, the use of tools that help prevent sites from being altered or used to steal user data has increased.
“They are small changes, but they are the first evidence that some system administrators heard the alarm,” says Assardo.
Among the institutions that showed improvements, the Road Conservation Unit (COVIAL) stands out, which went from a D to B rating. The Attorney General’s Office (PGN) also improved from C to B, while the Ministry of Energy and Mines increased 27 points.
Setbacks and weaknesses
In Assardo’s opinion, the general outlook remains worrying. The average safety score dropped from 48.5 to 46.7 out of 100, and the sites with the worst rating (F) increased from 8 to 39 in three weeks.
“The most striking movement was not up. It was down,” the report warns.
Among the most notable setbacks are the Vice Presidency of the Republic and the Ministry of the Interior, which fell to the lowest ratings. Added to this is the Your Employment portal, of the Ministry of Labor, which has remained offline since the attack.
You could read: Cybersecurity and the consequences of data theft from State institutions, according to experts
A problem before April
According to Assardo, the crisis did not begin in April. Since at least June 2025, when it began collecting data from stolen credential logs, threat intelligence platforms were detecting information on Guatemalan government employees for sale on cybercrime markets.
“They were not passwords from a single institution. They were batches that included the Public Ministry, the Judicial Branch, the Comptroller General of Accounts, the SAT, the Renap, the PNC, the MSPAS, the Mintrab and more than 20 additional institutions. The price of each batch: 10 dollars,” the analysis details.
According to the report, those credentials were never changed in bulk and the affected systems did not implement additional verification to protect access.
“When the attackers arrived in April, in many cases they did not need to find a technical vulnerability: they simply used passwords they already had,” he explained.
He added that the SAT, with 258 thousand compromised user credentials, is the institution with the highest level of accumulated risk. While the National Registry of Persons (Renap), with 40,300 committed users, is the second.
“Neither of the two has reported a confirmed breach. But the conditions that allowed the April attacks remain in force in both,” he explained.
Government and international support after hacks
During the La Ronda press conference on Monday, May 4, President Bernardo Arévalo stated that the attacks are not exclusive to Guatemala, but are part of an international phenomenon.
“It is being done by criminal groups whose motivation is fundamentally extortion,” said the president.
He added that, before information about the attacks was made public, work was already underway to identify vulnerabilities in the systems.
He also indicated that there is coordination between the ministry teams to correct detected failures.
“We are also working with the cooperation of countries such as the United States, Spain and Taiwan, with whom we have been supporting each other to identify vulnerabilities and the measures that must be taken to overcome this situation,” he stated.
The president noted that the data has not disappeared and that it remains in the affected institutions.
He added that the Government is working to improve cybersecurity and prevent new attacks, which, in his opinion, respond to a global trend.