Cyber Incident Victim: Costa Rican Social Security Fund
Date: May 2022
Location: Costa Rica
Summary
The Caja Costarricense de Seguro Social experienced a cyberattack that prompted the preventive shutdown of all systems to contain the incident. While critical databases related to education, pensions, payroll, and medical records remained uncompromised, restoration efforts for affected services were underway with specialized teams and third-party support, though no timeline for full recovery was established. The organization committed to providing updates as investigations progressed.
Description
On May 31, 2022, during the early morning hours, the Caja Costarricense de Seguro Social (CCSS) experienced a cybersecurity breach. The organization’s Director of Information and Communication Technologies, Roberto Blanco Topping, confirmed the incident and initiated immediate technical analyses to assess the intrusion. Blanco stated that critical databases—including Edus (education system), Sicere (revenue collection), payroll, and pension systems—remained uncompromised, indicating the attackers did not penetrate these core datasets. As a precautionary measure, CCSS administrators proactively shut down all operational systems to prevent further unauthorized access or damage. Restoration efforts focused on reactivating critical services first, though Blanco emphasized no definitive timeline existed for full operational recovery due to the ongoing forensic investigation. Technical teams collaborated with specialized internal personnel and an unnamed third-party entity to evaluate the breach’s pathway and develop a recovery strategy.

The incident disrupted multiple CCSS services, though the full scope of impacted systems remained unconfirmed at the initial disclosure. Response priorities centered on isolating compromised infrastructure while preserving unaffected databases. Blanco’s public update confirmed no evidence of data exfiltration from financial or pension systems, mitigating immediate concerns about large-scale financial fraud or identity theft. The preventive system-wide shutdown extended service interruptions beyond the directly targeted systems, a containment choice that accepted a full operational outage rather than risk escalation. CCSS committed to providing further public updates once investigators established additional factual details about the attack vector, duration, or perpetrator methodology. Restoration work continued without confirmation of when standard operations would resume.
