Cyber Incident Victim: Cemig Telecom
Date:
Jun 2014
Location:
Brazil
Summary
A cyberattack attributed to Tunisian hackers affiliated with the Anonymous collective compromised Cemig Telecom, exposing over 1000 employee and customer records including names and emails. The breach occurred as part of a coordinated #OpWorldCup campaign targeting Brazilian institutions during the FIFA World Cup, with hackers citing opposition to government corruption and tournament-related expenditures. The incident formed part of a broader series of attacks that included data leaks from government agencies, law enforcement portals, energy infrastructure, and media organizations, collectively exposing thousands of sensitive records through social engineering and system intrusions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
The 2014 cyber incident involving Cemig Telecom occurred during a coordinated campaign by hacktivist groups protesting Brazil’s hosting of the FIFA World Cup. Between June 14-17, 2014, Tunisian hackers operating under the Anonymous banner breached Cemig Telecomunicações S.A., leaking a database containing over 1,000 records of employee and customer information including names and email addresses. This attack formed part of the broader #OpWorldCup campaign, which simultaneously targeted Globo TV (compromising 167 employee records), Brazilian government systems (450 employee credentials), the Regional Electoral Court of Amazonas, Power Plants of Northern Brazil (3,400 user records), and the Federal Police portal. Attackers defaced the compromised Cemig Telecom data with an anti-FIFA political message condemning corruption and accusing politicians of exploiting citizens, explicitly linking the breach to opposition against World Cup expenditures. The leaked Cemig data was distributed through multiple online repositories alongside datasets from other breached institutions, with hackers promoting their actions through pastebin-style platforms and social media channels under campaign hashtags including #OpMundial2014 and #FreeBrazil.
The breach exposed sensitive personally identifiable information of Cemig Telecom stakeholders without evidence of encryption or redaction, creating immediate risks of identity theft and phishing targeting both corporate personnel and service subscribers. Operational impacts included potential reputational damage to Cemig as critical infrastructure provider, compounded by parallel compromises of Brazil’s power utility and law enforcement agencies during the same operation. No technical details regarding intrusion vectors were disclosed, though the Globo TV breach description referenced social engineering tactics, suggesting possible credential harvesting techniques across multiple targets. While the article documented website defacements and data dumps, it contained no information about organizational detection timelines, containment measures, or recovery actions taken by Cemig Telecom or other affected entities. Forensic evidence consisted exclusively of attacker-released materials including database excerpts, system screenshots, and ideological manifestos criticizing government spending priorities related to the international sporting event.