Cyber Incident Victim: Policía de Seguridad Aeroportuaria
Date:
Oct 2025
Location:
Argentina
Summary
Hackers compromised the payroll system of Argentina’s airport security police, accessing personal and financial data of officers and civilian staff and making fraudulent salary deductions labeled as “DD mayor” and “DD seguros.” The intrusion was traced to a vulnerability in the payroll processor Banco Nación, prompting the agency to block some services and launch an internal cybersecurity awareness campaign while the motive and total amount taken remain unclear. The article also notes other recent breaches affecting Argentine government apps and Telecom Argentina, though details of those incidents are separate.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 1, 2025, local media reported that Argentina’s airport security police (PSA) had suffered a cyberattack that compromised the personal and financial data of its officers and civilian personnel. The unknown threat actor gained access to PSA’s payroll records through a vulnerability in the systems of Banco Nación, the bank that processes the agency’s payroll. Once inside, the attackers deducted small amounts of money from employees’ salaries, labeling the fraudulent transactions as “DD mayor” and “DD seguros,” with individual deductions ranging from 2,000 to 5,000 pesos (approximately $100 to $245). Local media cited sources at the agency who said the operation could have been carried out either from abroad or from within Argentina, potentially with internal accomplices. Neither PSA nor Banco Nación have publicly commented on the claims or acknowledged the breach.
The compromise exposed payroll information, raising concerns about the privacy and financial security of PSA personnel. In response, the PSA blocked some of its services and launched an internal cybersecurity awareness campaign to mitigate further risk. It remains unclear whether the attack was financially or politically motivated, and the total amount of funds stolen has not been disclosed. The article notes that in December 2024 unknown hackers breached two of Argentina’s e‑government platforms—the Mi Argentina app and the SUBE app—exposing the personal information of millions of citizens, an incident attributed to a threat actor using the pseudonym "h4xx0r1337". Additionally, in July 2024 Telecom Argentina reported a ransomware attack that encrypted up to 18,000 workstations using stolen admin credentials, and in April 2024 hackers claimed to have accessed a Central Bank of Argentina database containing customer names and ID numbers.
The PSA’s blocking of services and awareness campaign constitute the primary response actions described in the source material. No further technical details about containment, forensic analysis, or remediation are provided. The lack of public acknowledgment from both PSA and Banco Nación leaves the full scope of the incident and any ongoing investigative steps unspecified. The narrative ends with the information available from the reported article.