Cyber Incident Victim: Soltráfego
Date:
Oct 2024
Location:
Portugal
Summary
A cyberattack targeted servers operated by Soltráfego, impacting its MorBike electric bike-sharing platform, amid a broader pattern of similar incidents affecting national institutions. The municipal government clarified that its own systems remained unaffected, with the compromise limited to the third-party provider's infrastructure. The company asserted that business operations, financial transactions, customer records, travel histories, and personal user data were securely protected throughout the incident. Soltráfego's technical team was actively engaged in neutralizing the threat to restore normal service operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 1, 2024, Soltráfego, a company managing Montemor o Novo’s MorBike electric bicycle-sharing platform, experienced an attempted cyberattack targeting its servers. The incident occurred amid a wave of similar attacks against unspecified national institutions, though the municipality confirmed its own infrastructure remained unaffected. Soltráfego’s compromised servers exclusively hosted the MorBike operational platform, a system unrelated to municipal data or services. The attack prompted immediate engagement from Soltráfego’s cybersecurity team, which initiated containment protocols to isolate the threat. Municipal authorities publicly clarified the separation between their systems and Soltráfego’s infrastructure to prevent public confusion about data exposure risks. No operational disruptions to MorBike services were reported, though the company’s response efforts prioritized threat neutralization over system functionality.
Soltráfego assured stakeholders that all business-critical data—including customer profiles, payment transactions, trip records, and personal information—remained secured throughout the incident. The company attributed this protection to existing safeguards but did not disclose specific defensive measures or attack vectors. No evidence suggested unauthorized data access or exfiltration occurred during the breach attempt. Soltráfego’s incident response team maintained continuous efforts to eradicate the threat, though no timeline for full resolution was provided. The municipality reiterated its reliance on Soltráfego’s transparency regarding incident updates while emphasizing its non-involvement in the technical remediation process.