Cyber Incident Victim: Fundo Nacional de Desenvolvimento da Educação
Date: Sep 2022
Location: Brazil
Summary
The National Fund for Educational Development suffered a significant data leak in which the RansomExx group leaked 62 TB of files. The agency asserted that only publicly accessible information was compromised and that municipal services were not affected, and said its technology team responded promptly upon detecting the incident. In a separate incident around the same time, a ransomware attack disrupted Ourique Town Hall's computer systems and limited municipal services. Initial audits there found no evidence of database access, and no threat actor claimed responsibility or issued ransom demands.
Description
On September 3, 2022, the RansomExx cybercriminal group leaked 62 terabytes of files from Brazil’s National Fund for Educational Development (FNDE), a federal agency under the Ministry of Education responsible for critical programs like the National School Nutrition Program. The threat actors publicly released the data through their leak platform, marking a significant breach of government systems. FNDE confirmed in an official statement to CISO Advisor that its Directorate of Technology and Innovation responded immediately upon discovering the potential compromise. The agency asserted that municipal services remained operational and unaffected by the intrusion. FNDE downplayed the severity of the leak by characterizing the exposed data as already publicly accessible, though the scale of the 62 TB dataset suggested extensive document exfiltration. No details were provided regarding the initial attack vector, duration of system access, or specific systems targeted beyond the general reference to leaked files. The breach represented one of the largest publicly disclosed government data leaks in Brazil at the time based on volume.

In a separate but temporally proximate incident, the Municipality of Ourique announced via Facebook on September 7, 2022, that its computer systems had been compromised by a ransomware attack. Local authorities activated incident response protocols immediately after detection, filing formal complaints with Portugal’s Judicial Police. The attack disrupted municipal operations, forcing conditional provision of citizen services while forensic audits were conducted. Ourique’s administration confirmed in their public statement that preliminary investigations found no evidence of unauthorized access to municipal databases, though ransomware typically involves encryption rather than data theft. No threat actor claimed responsibility for this attack, and officials did not disclose whether ransom demands were made or negotiations occurred. The concurrent timing of these incidents against Brazilian and Portuguese educational and municipal entities suggested potential regional targeting of public sector infrastructure, though no technical evidence or attribution linking the attacks was established in available reporting.
