Cyber Incident Victim: TOTVS
Date: Aug 2024
Location: Brazil
Summary
TOTVS experienced a cyberattack claimed by the BlackByte ransomware group, which reportedly exfiltrated company data samples during encryption. The company activated pre-established security protocols to maintain service and operational continuity for clients but did not confirm the attack's full scope, perpetrator details, or potential impacts on its customer base. While prioritizing data protection and ongoing system monitoring to address emerging threats, the organization acknowledged the incident without disclosing further specifics regarding compromised information or operational disruptions.
Description
TOTVS, a Brazilian technology company, publicly addressed a cybersecurity incident impacting its digital infrastructure in late August 2024. Rumors emerged on Monday, August 30, suggesting the IT vendor had suffered a ransomware attack, with the BlackByte group claiming responsibility for the intrusion. The threat actors offered samples of allegedly exfiltrated company data obtained during the encryption process, though TOTVS did not independently verify these claims. The company formally acknowledged the cyberattack through a statement released to Security Report on September 1, confirming it had activated pre-established security protocols in response. TOTVS emphasized rapid containment actions to maintain normal service operations for clients, though it withheld specific technical details regarding attack vectors, compromised systems, or data encryption scope.

The organization declined to confirm whether client environments experienced secondary impacts from the breach or validate BlackByte's assertions regarding data theft. Internal corporate communications stressed TOTVS's commitment to information security and continuous system monitoring to detect emerging threats, while acknowledging the persistent targeting common to technology sector entities. This incident occurred amid heightened industry scrutiny following Fortinet's recent disclosure of unauthorized access to limited internal corporate information by an unknown actor. TOTVS maintained operational continuity throughout the response period, prioritizing stakeholder communication through official channels without elaborating on forensic investigation timelines or potential data exposure magnitudes. The company reiterated data protection as a core institutional priority while concluding its initial public disclosure phase without confirming remediation completion status or future notification requirements.
