Cyber Incident Victim: Uruguay's Ministry of Transport and Public Works

On October 17, 2022, Uruguay’s Ministry of Transport and Public Works (MTOP) experienced a ransomware attack that disrupted its operations. The ministry worked to restore systems over the following weeks, announcing on November 9 that it had returned to normal operations after recovering critical information and reactivating affected services. MTOP did not initially disclose the attackers’ identity or the scope of data compromise during this recovery phase. Approximately three weeks after the attack, the ransomware group known as PLAY claimed responsibility for the incident. PLAY asserted it had exfiltrated 80 GB of the ministry’s data and released 5 GB of files as proof of the breach, though the specific content of these files was not detailed in public reports.

MTOP maintained limited public communication about the incident until November 30, when it issued a statement denying any negotiations with the attackers. The ministry characterized the stolen data as representing only 0.03% of its total information holdings, minimizing the perceived impact of the breach. No technical details were provided regarding the attack vector, specific compromised systems, or operational disruptions beyond the initial service interruptions. MTOP confirmed its investigation remained ongoing with the stated objective of implementing enhanced security measures. The ministry did not respond to direct inquiries from DataBreaches.net regarding potential communications with PLAY or additional incident details. PLAY’s leak site activity and MTOP’s public statements constituted the only confirmed information about the attack’s aftermath, with no independent verification of the data’s sensitivity or the ministry’s recovery claims.