Cyber Incident Victim: Professional Account Management
Date:
Apr 2022
Location:
United States of America
Summary
A cyberattack targeted Professional Account Management (PAM), the private operator of AutoExpreso's recharge system, disrupting users' ability to replenish their accounts. While toll collection remained operational and continued recording transactions unaffected by the breach, authorities suspended fines for users impacted during the outage period. Multiple government agencies, including Homeland Security, the FBI, and Puerto Rico's public security division, collaborated to investigate the attack's scope and implement security protocols. The primary focus was restoring full system functionality and ensuring transaction data synchronization once services were recovered.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 16, 2022, a cyberattack disrupted the recharge system of AutoExpreso, Puerto Rico’s electronic toll collection service, impacting users’ ability to add funds to their accounts. The attack targeted Professional Account Management (PAM), the private operator responsible for managing AutoExpreso’s systems. The Puerto Rico Department of Transportation and Public Works (DTOP) and the Highways and Transportation Authority (ACT) confirmed the incident on the morning of April 19, clarifying that the outage stemmed from a cybersecurity breach rather than technical failures. While toll transactions continued to register normally during the incident, the attack specifically crippled the recharge functionality across digital platforms, preventing users from topping up their accounts. Authorities emphasized that toll collection infrastructure remained unaffected, ensuring transactions were recorded for later synchronization once systems recovered. To mitigate public inconvenience, ACT suspended penalty fees for toll violations effective April 16 until further notice, acknowledging potential delays in account replenishment.
The response involved a coordinated effort between ACT, PAM, the Puerto Rico Innovation and Technology Service (PRITS), Homeland Security, the FBI, and the Puerto Rico Public Safety Division to assess the attack’s scope and restore services. Investigations focused on determining the intrusion’s extent, which preliminary findings limited to the recharge system compromise. No evidence suggested broader impacts on toll transaction data or critical infrastructure. Government agencies prioritized implementing security protocols and reassuring citizens, stressing collaboration to expedite recovery. Public communications reiterated that no personal or financial data breaches occurred, as the attack solely disrupted recharge operations. Recovery efforts aimed to fully restore synchronization of toll records once systems stabilized, with ongoing work to fortify defenses against future incidents.