Cyber Incident Victim: Concello de Teo

On the afternoon of Wednesday, January 24, 2024, the Concello de Teo municipal government suffered a cyberattack that disrupted its administrative operations in the subsequent days. The attack paralyzed core services, though major data packages hosted on external servers remained unaffected. By Thursday, January 25, the municipal IT service activated its established response protocol to mitigate the intrusion's consequences, initiating coordinated efforts with the Galician Agency for Technological Modernization (AMTEGA) and the Provincial Council of A Coruña to assess the breach's scope. Technical teams began disinfecting all computer equipment—including terminals in peripheral services like Social Services, Culture and Tourism, and the Women’s Information Center—to restore basic citizen-facing operations. The Electric Social Bonus service, a critical assistance program, was temporarily relocated to the Plenary Hall with limited Wednesday availability (10:00–12:00) due to the disruption.

Parallel to containment efforts, authorities launched a formal investigation into the attack’s origin and impact. The municipality reported the incident to the Guardia Civil, which deployed a Judicial Police team to the town hall on Friday morning. Notifications were also submitted to Spain’s National Cryptologic Center (CCN) and the Spanish Data Protection Agency (AEPD), underscoring concerns over potential data compromises. Remote coordination meetings involving municipal IT staff, the mayor, and the council secretary focused on restoring services securely while maintaining public assurances. The Concello acknowledged the technical team’s efforts and urged citizens to verify suspicious communications purportedly from the institution, though no specific threat actor or data exfiltration details were disclosed. Recovery timelines remained undefined, with priority given to disinfecting systems and reactivating essential services.