Cyber Incident Victim: Puerto Rico's Senate
Date:
Jan 2022
Location:
Puerto Rico
Summary
A cyberattack targeted Puerto Rico's Senate, disrupting its internet provider, phone systems, and official website. While no evidence was found of hackers accessing sensitive employee or contractor data, the incident remains under investigation. Authorities at local and federal levels were notified of the breach. This event follows multiple prior cybersecurity incidents affecting the region, including attempted financial scams, ransomware attacks on critical infrastructure, and data breaches targeting government entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 26, 2022, Puerto Rico’s Senate disclosed it had been targeted by a cyberattack that disrupted critical operational systems. The incident disabled the Senate’s internet provider, rendering internal and external connectivity inaccessible, and impaired its telephone system, hindering communication channels. The attack also compromised the Senate’s official online page, limiting public access to information and services. Senate President José Luis Dalmau confirmed the incident in a public statement, noting that an investigation was underway to assess the full scope and origin of the breach. Initial findings indicated no evidence that hackers had accessed sensitive data belonging to employees, contractors, or consultants, though forensic analysis continued. The Senate promptly reported the incident to local and federal authorities, initiating coordination with law enforcement and cybersecurity agencies to address the attack’s technical and legal dimensions. The disruption caused operational delays, though the Senate did not specify the duration of outages or detailed recovery timelines.
This incident occurred against a backdrop of recurring cyber threats targeting Puerto Rican government entities and critical infrastructure. In 2021, a private company managing the island’s electricity transmission and distribution systems reported a cyberattack that blocked customer access to its website. Earlier, in 2020, an online phishing scam attempted to divert over $4 million from government agencies, leading authorities to freeze $2.9 million of the targeted funds. Later that year, hackers infiltrated the Puerto Rico Fire Department’s database and demanded a $600,000 ransom, marking another high-profile breach. The Senate’s 2022 attack shared similarities with these prior incidents in its disruptive impact on public services, though attribution and specific attack vectors remained unconfirmed at the time of disclosure. The Senate’s response focused on containment, investigation, and interagency collaboration, reflecting established protocols from previous cybersecurity challenges on the island.