Cyber Incident Victim: Empresas Municipales de Cali
Date:
May 2025
Location:
Colombia
Summary
Empresas Municipales de Cali suspended several information services after a possible cyber‑attack alert triggered its security protocols, isolating the commercial system, the web portal, billing platforms and physical service points while confirming that no intrusion had been verified. The utility reported that internal connectivity and control systems were restored quickly and that essential public services such as water, sewage, energy and internet continued to operate normally, with a gradual return of the suspended platforms as investigations progressed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 13, 2025, Empresas Municipales de Cali (Emcali) issued a public notice after receiving an alert indicating a possible cyberattack on its information systems. The alert prompted the activation of security protocols that led to the temporary suspension of several non‑essential services to prevent potential damage. Adrián Iriarte, manager of the Technology and Information Area, explained that although no intrusion had been confirmed at that moment, the decision to isolate critical platforms was taken as a precautionary measure. He stated that the company began a detailed assessment immediately to rule out any breach. The notice was also posted on Emcali’s official Twitter account, where the same message was repeated for emphasis.
The suspended services included the commercial system, the online transaction portal accessible via https://t.co/OBwtKQqcTb, the recaudo (billing and collection) systems, and the physical points of attention where customers normally conduct in‑person procedures. Emcali clarified that the isolation did not affect the operation of essential public services such as drinking water supply, sewerage, electricity distribution, and internet connectivity, which continued to function normally across the city except in areas undergoing scheduled maintenance work. The company reported that, as part of the response, internal connectivity and internal control systems had already been restored, while other information systems were being brought back online progressively. Emcali emphasized that each platform would be reactivated only after a complete risk assessment confirmed the absence of threats.
In the aftermath of the alert, Emcali highlighted that it had been strengthening its cybersecurity posture for more than a year through the optimization of internal processes, the deployment of data protection tools, and ongoing technical staff training in cybersecurity practices. Iriarte noted that the immediate activation of the incident response protocols demonstrated the effectiveness of those preventive measures. The company stated that it would continue implementing actions aimed at early detection of alerts and system protection as part of its broader technological strengthening plan. Emcali concluded its communications by reassuring users that services would be fully resumed once security teams validated that no risk remained.