Cyber Incident Victim: Prefeitura de Luz
Date: Jul 2024
Location: Brazil
Summary
Attackers breached the financial system of Prefeitura de Luz in Minas Gerais, executing unauthorized transfers and bill payments exceeding R$1.3 million. The intrusion involved social engineering: an individual posing as a bank employee requested authorization to perform a system update, which facilitated fraudulent transactions to multiple CNPJ accounts. The municipality promptly engaged law enforcement and financial institutions, including the Federal Police and Caixa Econômica Federal, to block transactions and recover funds. The incident highlighted third-party risks, as Caixa had outsourced financial management services.
Description
On July 18-19, 2024, unidentified attackers breached the financial systems of Luz Municipal Government in Minas Gerais, Brazil, executing unauthorized transactions exceeding R$1.3 million. The intrusion occurred through two distinct sessions: the first at approximately 19:30 on July 18 and the second at 07:20 on July 19, during which perpetrators conducted five transfers to corporate accounts (CNPJs) and multiple bill payments. Earlier on July 18, an individual posing as a Caixa Econômica Federal employee had contacted the municipal treasury department, requesting authorization to perform a purported system update—a request that was granted and implemented throughout that day. This social engineering tactic likely facilitated subsequent unauthorized access, compounded by the municipality’s reliance on outsourced financial management services through Caixa. Municipal officials discovered the breach on July 19 and immediately filed a police report documenting the fraudulent transactions totaling R$1,394,499.67.

The municipality initiated a multi-agency response upon detection, engaging the Military Police and Caixa’s security division to contact recipient banks and Brazil’s Central Bank to freeze transactions and recover funds. Federal Police were subsequently notified to investigate the breach, while Luz’s Finance and Planning Secretariat collaborated directly with Caixa to halt further operations. In public statements, the municipal government emphasized its immediate containment efforts but did not disclose technical details about the compromised systems or long-term financial repercussions. The incident exposed vulnerabilities in third-party financial management arrangements and highlighted the attackers’ operational sophistication in combining social engineering with coordinated transaction execution during non-business hours. No attribution claims or data exfiltration beyond financial theft were reported in available documentation.
