Cyber Incident Victim: Prefeitura de Taubaté

The Prefeitura de Taubaté, located in São Paulo state, confirmed a cyberattack in August 2024 that compromised confidential data across multiple municipal departments. The breach affected servers storing sensitive information from the Secretariats of Health, Education, Administration, General Prosecution, Planning, Housing, Treasury, and Government. Municipal systems handling online protocols (1Doc platform) and financial/HR processes (Etheriumtech) remained unaffected. While the attackers' identity and origin were not disclosed, the administration promptly notified Brazil's National Data Protection Authority (ANPD) as mandated by the General Data Protection Law (LGPD). The incident exposed vulnerabilities in the city's data storage infrastructure but did not disrupt core operational platforms. No specifics regarding the attack methodology or data exfiltration volume were released publicly.

In response, Taubaté implemented Decree 16.039 establishing a Municipal Information and Communication Security Policy to standardize data control, monitoring, and protection protocols. Immediate countermeasures included IT infrastructure modernization, plans for a unified municipal network interlinking government buildings, and procurement of a new firewall. The city initiated cybersecurity training for all employees to improve threat identification and mitigation capabilities. This incident occurred against a national backdrop where municipal administrations accounted for nearly 30% of cyberattacks by March 2025, exemplified by a separate ransomware attack on Palmeira's email systems in Paraná state. Experts cited systemic vulnerabilities in public-sector IT infrastructures and the high value of citizen data as key factors driving such attacks. Taubaté's reforms aimed to restore public trust while addressing technical and procedural security gaps exposed by the breach.