Cyber Incident Victim: Educa em Casa
Date:
Mar 2021
Location:
Brazil
Summary
A cyber attack targeted the Educa em Casa remote learning platform and a local transit website operated by Petrópolis City Hall, disrupting both services. The municipality confirmed no unauthorized access to internal systems occurred, as critical data resided on separate secured servers unaffected by the breach. All compromised platforms were restored to normal operation following remediation efforts by the city's IT department, with officials emphasizing that only publicly accessible information was involved and no content alterations were detected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 4, 2021, the Companhia Petropolitana de Trânsito e Transportes (CPTrans) website in Petrópolis, Brazil, experienced a cyber attack attributed to a hacker. The following morning, March 5, the Educa em Casa educational platform, used by the municipal school system for remote learning, was also targeted in a separate attack. Petrópolis City Hall publicly confirmed both incidents in a March 5 press release, characterizing them as external intrusions against public-facing web properties. Officials emphasized that all content on both platforms resided in the public domain and stated no data alterations occurred during either breach. The attacks caused temporary disruptions to the affected services, though the city noted internal government systems remained isolated from compromise due to physical separation of servers housing sensitive municipal data.
The municipal Information Technology Department (DETEC) initiated immediate remediation efforts following the attacks. By the time of the March 5 announcement, CPTrans’s website functionality had been fully restored, while repairs to the Educa em Casa platform were actively underway. City Hall implemented additional security measures to harden its electronic infrastructure against future external threats, though specific technical details of these measures were not disclosed. No evidence suggested unauthorized access to confidential information or operational systems beyond the targeted web platforms. Service restoration constituted the primary operational impact, with no reported data exfiltration, financial losses, or secondary disruptions to municipal operations arising from the incidents.