Cyber Incident Victim: Puerto Rico's Firefighters Corps
Date: Oct 2020
Location: United States of America
Summary
A cyberattack targeted Puerto Rico's firefighting department, with hackers breaching its database, encrypting servers, and demanding a $600,000 ransom. The organization confirmed emergency response operations remained unaffected despite the compromise. Attackers notified the department via email of the encryption and ransom demand, but officials refused payment and involved local law enforcement, prompting an ongoing investigation into the incident.
Description
On or around October 15, 2020, Puerto Rico’s Firefighting Department disclosed a security breach in which unidentified threat actors infiltrated its database servers. The attackers encrypted the department’s servers and subsequently sent an email notification to the organization, explicitly stating they had executed the encryption and demanding a $600,000 ransom payment for decryption. The department’s director, Alberto Cruz, publicly confirmed the incident but emphasized that the attack did not disrupt the agency’s emergency response capabilities, ensuring continued operational readiness for firefighting and rescue missions.

Upon discovering the breach, the department immediately engaged local law enforcement authorities to investigate the intrusion. Officials stated they refused to negotiate with or pay the ransom demanded by the attackers, adhering to a no-concession stance. The Associated Press reported these developments, noting the department’s cooperation with police and the ongoing status of the investigation at the time of disclosure.

The incident’s primary impact was limited to the compromise and encryption of internal servers, with no reported exfiltration or public leakage of sensitive data. Director Cruz reiterated that critical emergency services remained fully functional throughout the attack and its aftermath, mitigating risks to public safety. Law enforcement agencies assumed lead responsibility for forensic analysis and attribution, though no details regarding the attackers’ identity, infrastructure, or initial attack vector were disclosed publicly. The department maintained its operational continuity by relying on unaffected systems or procedural redundancies, though specific technical containment measures were not detailed. The investigation remained active as of the initial reporting date, with no subsequent resolution or additional compromises disclosed in the available source material.
