Cyber Incident Victim: Serviço Brasileiro de Apoio às Micro e Pequenas Empresas

On or around March 27, 2022, the Brazilian Micro and Small Business Support Service (Sebrae) experienced a cyberattack that disrupted its digital operations. The organization confirmed the incident publicly, acknowledging that its primary website and associated systems became inaccessible starting from that date. The outage affected Sebrae's national domain and linked services, including state-level operational platforms. Some regional websites displayed inconsistent availability, with Santa Catarina's portal remaining accessible while Paraná's site showed a maintenance notice alongside the official press statement. Third-party reports on social media indicated additional system failures, specifically impacting a free invoice issuance platform provided by Sebrae and portals managing course registrations and job applications, preventing users from submitting requests or accessing services.

Sebrae initiated incident response measures by issuing a public communication confirming the attack and its operational impacts. The organization stated it was working to restore platforms but provided no timeline for full recovery. During the outage, Sebrae maintained limited customer service operations through telephone and WhatsApp channels. The entity declined to disclose technical details regarding the attack’s origin, scope, or potential compromise of sensitive data, emphasizing only that investigations were ongoing to attribute responsibility and remediate damages. No further updates regarding data exfiltration or specific attacker methodologies were released. Users were advised to monitor official Sebrae communications and avoid alternative links or third-party messages purporting to represent the organization while systems remained offline.