The revelation came from a US Justice Department watchdog audit released, shedding light on how Mexican drug thugs exploited America’s tech vulnerabilities in 2018.

The hacker somehow got the phone number of an FBI assistant legal attaché stationed at the US embassy in Mexico City and was able to hoover up call logs and geolocation data.

With that, the cartel tracked the agent’s movements using the city’s camera system and identified those he met with. Some of those informants were then intimidated or murdered.

The report didn’t name the hacker, the agent, or any of the victims.

The incident was buried in a wider audit of how the FBI deals with “ubiquitous technical surveillance,” a term used to describe the hellscape of always-on cameras and the industrial-scale trade in people’s location data.

The hacker worked for the cartel once commanded by Joaquín “El Chapo” Guzmán, who got bundled off to the US in 2017 and is now serving a life sentence.

US officials didn’t have much to say. The embassy referred reporters to the Justice and State departments, who kept schtum. The FBI and El Chapo’s lawyer went to ground.

The report warned that these kinds of hacks are no longer the domain of top-tier spy agencies. Even mid-level nations and criminal outfits can now exploit the growing global surveillance blob.

Apparently, the FBI does have a strategy in the works to plug these gaping holes. Meanwhile, they’re getting a nudge to train up their people better and maybe be a bit more careful next time.