Cyber Incident Victim: Red Bus
Date:
May 2023
Location:
Argentina
Summary
A cyber attack on the Red Bus payment system operator, Bizland, prevented residents from adding credit to their transit cards. The municipality and the company established a limited parallel manual system at only 31 locations, which resulted in long queues for service. While administrative functions were eventually restored, the operator faced financial penalties from the city for failing to have an adequate contingency plan to maintain service.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around May 11, 2023, residents of the city of Córdoba found themselves unable to add credit to their Red Bus cards, a critical payment method for the urban passenger transportation system. The inability to load balance began on a Thursday, which based on the article's publication date, corresponds to May 11th. The company responsible for managing the Red Bus service, Bizland, identified the cause of this widespread service disruption as a successful cyber attack against its systems. The specific nature of this hack was not detailed in the available information, but its primary effect was the complete prevention of balance loading operations for the prepaid transit cards.
The incident persisted through the weekend following the initial attack. Faced with a continuing inability to restore the primary loading system, the Municipality of Córdoba and Bizland collaborated to implement an emergency contingency plan. This plan involved the creation of a parallel, manual system to process balance charges. This stopgap measure was operational by Saturday, May 13th, but its deployment was severely limited in scope. The manual system was activated at only 31 specific points throughout the entire city, a number vastly insufficient to serve the normal demand of Córdoba's residents. The drastic reduction in available loading locations immediately resulted in the formation of very long queues and significant inconvenience for users who needed to add credit to their cards to travel.
By the morning of Monday, May 15th, progress had been made in restoring parts of the compromised infrastructure. According to Federico Ingaramo, the Undersecretary of Transportation, the administrative component of the system had been successfully reestablished. However, full functionality had not yet been achieved. A critical remaining task was to re-enable the communication links between the system and the business point-of-sale (posnet) terminals. This unresolved technical issue meant that the vast network of neighborhood convenience stores and kiosks that typically offered Red Bus loading services, along with major digital payment platforms such as Mercado Pago and Pago mis Cuentas, remained completely offline and unable to process any transactions for the card.
The impact of this incident was substantial and multifaceted. The most direct effect was on the daily commute and mobility of Córdoba's citizens. Passengers were unable to conveniently add funds to their travel cards, causing disruption and delays. The limited manual loading option forced individuals to seek out one of the few authorized locations, leading to wasted time and crowded conditions. The commercial impact was also significant, as numerous small businesses that relied on transaction fees from selling Red Bus credit lost a stream of revenue for the duration of the outage. The reputation of both Bizland, as the service operator, and the municipal transportation system was damaged by the extended period of unreliable service.
The official response from the Municipality of Córdoba was focused on two parallel tracks: restoration and accountability. The primary effort was dedicated to guaranteeing that residents could eventually load their Red Bus cards, first through the emergency manual system and then through the full technical restoration. Simultaneously, the municipal government made a clear statement that it held Bizland contractually responsible for the service interruption. While officials acknowledged that Bizland was a victim of the external cyber attack, they emphasized that the company had contractual obligations to maintain service continuity and provide reliable access to the Red Bus system.
A key aspect of the government's response was the announcement of financial penalties for Bizland. Undersecretary Ingaramo explicitly stated that the company would be sanctioned for the breach of its contractual conditions. The justification for this penalty was rooted in the duration of the outage, which had reached four days by Monday, May 15th. The official position was that this lengthy recovery time was "not understandable," indicating a failure on the part of Bizland to have an adequate and rapidly deployable business continuity or disaster recovery plan—a "plan B"—to mitigate such an attack and minimize its impact on the public. The incident therefore triggered not only a technical recovery process but also a formal contractual and financial consequence for the service provider.