Cyber Incident Victim: Government of Puerto Rico
Date: Nov 2023
Location: Puerto Rico
Summary
A cyberattack targeted the municipal systems of Río Grande, Puerto Rico, compromising the town hall's cyber portal and corrupting its content through malware introduced by hackers. The incident resulted in an estimated $75,000 in damages to the infrastructure. While the municipality's IT officer detected partial data extraction and system irregularities, the mayor characterized the lost data as minimal. A private cybersecurity firm confirmed the breach, and criminal investigations remain ongoing to address the incident.
Description
On November 20, 2023, an IT officer at the Río Grande municipal hall in Puerto Rico discovered anomalies during routine system monitoring, observing that data was not displaying correctly on monitors and that partial data extraction had occurred. The officer initiated internal reviews but did not immediately escalate the incident. By November 23, authorities formally alerted the Puerto Rico Police after determining the irregularities indicated a broader compromise. A private cybersecurity firm was engaged to conduct forensic analysis, which confirmed an external cyberattack by hackers who deployed malicious software to infiltrate municipal systems. The attackers corrupted the town’s cyber portal and compromised all stored municipal data, though the exact method of initial access remained unidentified. Damage to hardware, software, and recovery costs was initially estimated at approximately $75,000. Mayor Ángel "Bori" González publicly characterized the data loss as "minimal" but did not specify which datasets or services were affected. The incident disrupted normal municipal operations, though critical public services such as utilities or emergency response systems showed no reported interruptions.

The municipality’s response included isolating affected systems to prevent further spread of the malware, though the timeline for containment was not disclosed. Cybersecurity specialists worked to restore corrupted systems and assess the full scope of data extraction, though no evidence of ransomware deployment or explicit ransom demands was confirmed. Puerto Rico’s Criminal Investigations Corps and Cyber Crimes Unit assumed primary investigative responsibility, collaborating with the private firm to analyze attack vectors and identify potential threat actors. No group claimed responsibility, and investigators did not publicly attribute the attack to any known hacking collective or nation-state. Municipal officials prioritized public reassurance, emphasizing operational continuity despite the ongoing forensic efforts. The cyber portal remained offline during recovery, impacting digital services for residents, though alternative manual processes were implemented for essential functions. As of November 27, the investigation remained active with no arrests or additional technical details released regarding the attackers’ infrastructure or motives.
