Cyber Incident Victim: Cinépolis
Date:
May 2023
Location:
Chile
Summary
Cinépolis suffered a cybersecurity incident where its systems were compromised by a third party, disrupting its operations. The attack impacted several cinema locations, causing significant service outages that prevented customers from purchasing tickets and halted movie screenings mid-feature. The company publicly acknowledged the incident via social media, informing customers that some functions were affected and that operations in the affected cinemas were suspended until further notice.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the evening of Saturday, May 13, 2023, the operations of cinema chain Cinépolis Chile were disrupted by a significant cybersecurity incident. The company first acknowledged the event publicly through its official Twitter account, where it posted a statement informing its customers of a system-wide issue. The communication stated that "due to the intervention of third parties in our systems, some functions were affected during the course of the afternoon." This public announcement served as the initial confirmation that an external party had deliberately interfered with the company's technological infrastructure, leading to a degradation of service.
The impact of this intervention was immediate and highly visible to customers. The core cinematic experience was directly compromised as the technical failure prevented the scheduled projection of films. The company's follow-up communication on social media explicitly noted that "some of our cinemas will not be able to continue projecting functions for the rest of today." This resulted in screenings being halted mid-way through performances or canceled entirely before they could begin. Patrons already inside theaters experienced films being cut off abruptly, while others who arrived for later showings were unable to enter the screening rooms or purchase tickets due to the systemic failures.
Customer reaction on social media platforms was swift and detailed, providing a ground-level view of the incident's effects. Numerous user reports described a chaotic scene. One user reported that the cinema was "hacked in the middle of the function and they deleted the movies," indicating a potential compromise of the digital systems responsible for storing or playing the film content. Other users reported waiting for more than thirty minutes for a film to start with no result, highlighting the extended duration of the disruption. Specific accounts emerged from locations such as the Cinépolis in Maipú, where a customer reported bringing their mother to see a movie only for it to be cut short.
The geographical scope of the outage was significant, affecting multiple locations across Chile. The company subsequently identified eight specific branches that were impacted by the incident. The affected cinemas were located in Arauco Maipú, Plaza Egaña, Plaza Sur, Rojas Magallanes, Puente Alto (Plazuela), Chillán, Mall Plaza Los Dominicos, and La Reina. This list confirms that the incident was not isolated to a single region but impacted cinemas in various parts of the country, demonstrating a broad and coordinated effect on the company's network.
In response to the incident, Cinépolis Chile's primary action was to suspend affected operations until further notice. The company's public communications strategy was centralized on its Twitter account, which it used to disseminate its initial statement and to manage ongoing customer inquiries. The tweet included an image of a formal notice, reinforcing the official nature of the communication. A key component of the response was a commitment to transparency, with the company pledging to keep customers informed through that social media channel once operations were re-enabled in the affected cinemas. The company's communications did not specify the exact nature of the technical intervention, the identity of the third parties, or whether any data was accessed or exfiltrated, focusing solely on the operational impact and service restoration efforts.
The consequences of the event extended beyond mere technical inconvenience, directly damaging customer trust and the brand's reputation for reliability. The public sentiment expressed online shifted from confusion and frustration to allegations of a hack, as users pieced together the widespread nature of the failure. The incident disrupted a prime weekend evening for moviegoers, resulting in tangible financial losses for the company from lost ticket and concession sales, as well as the more intangible cost of compensating disappointed customers and managing a public relations crisis. The prolonged nature of the outage, lasting through the entire evening, indicates that the company's initial containment measures involved taking systems offline rather than a swift technical fix, a decision that prioritized security and stability over immediate service resumption. The full restoration timeline and the specific forensic findings regarding the attack vector were not detailed in the immediate public communications following the event.