Cyber Incident Victim: Emova Movilidad S.A.

On May 4, 2022, Emova Movilidad S.A., operator of Buenos Aires’ subway system, experienced a disruptive external cyberattack targeting its internal technical infrastructure. The incident immediately disrupted critical public services, primarily affecting the recharge functionality for SUBE (Sistema Único de Boleto Electrónico) transit cards and impairing access to the company’s website. Emova confirmed the attack through an official statement, clarifying that subway operations continued normally despite the compromise. By the afternoon of May 4, the company acknowledged via Twitter that SUBE recharge systems remained suspended, though travelers could still use existing card balances. The attack’s secondary impact emerged through limited service availability at physical recharge points managed by Emova, forcing operational adjustments.

Emova implemented provisional emergency measures to mitigate rider disruptions, including authorizing station ticket offices to sell single-journey Subtepass paper tickets as an alternative for passengers without SUBE card balances. Technical teams prioritized restoring affected systems, though the company provided no specific timeline for full recovery. No data theft or broader network compromise was disclosed. Service interruptions persisted into at least a second day, with Emova reiterating that subway travel itself remained unaffected while recharge capabilities stayed offline. The organization maintained public updates through social media and press communications but did not identify the attackers or disclose technical details of the intrusion. Recovery efforts focused on system restoration without elaborating on forensic investigations or long-term security improvements.