Cyber Incident Victim: Prefeitura de Mirassol D’Oste
Date:
Mar 2025
Location:
Brazil
Summary
The municipality of Mirassol D’Oste suffered a cyber attack that compromised its bank accounts and resulted in a loss of approximately R$1.3 million. After the municipal treasurer noticed insufficient funds while attempting a payment, investigators uncovered at least three unauthorized transfers—one to an individual for R$192,456.89, another to a company for R$193,789.98, and a third to a pharmaceutical venture for R$191,200.17—plus an additional R$650,000 movement to a private bank account identified through a review with Caixa Econômica Federal. Two of the fraudulent transactions were blocked by one bank, but the remaining transfers proceeded before they could be stopped. Local police opened an investigation, and the administration said it is cooperating with authorities and revising its digital security protocols to prevent further incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 1, 2025, the mayor of Mirassol D’Oeste, Hector Alvares, disclosed in a televised interview that the municipality had suffered a cyberattack resulting in the loss of approximately R$1.3 million from public funds. He explained that the Finance Secretariat first noticed irregular movements in the municipal accounts and immediately raised an alert. One of the banks involved managed to freeze two of the accounts before the fraudulent transfers could be completed, while a second financial institution did not have sufficient time to block the transactions. The discrepancy came to light when the municipal treasurer attempted to process a payment and discovered that the account balance was insufficient.
Upon reviewing the bank statements, officials identified at least three unauthorized transfers: a payment of R$192,456.89 to an individual, a payment of R$193,789.98 to a company, and a payment of R$191,200.17 to a pharmaceutical‑sector enterprise. An additional inquiry with Caixa Econômica Federal revealed a further transfer of R$650,000 to an account held at a private bank, bringing the total estimated loss to roughly R$1.3 million. The mayor noted that the accounting and treasury departments were destabilized by the incident, which prompted an immediate internal review of the transaction logs. The Civil Police of Mirassol d’Oeste confirmed that they had opened an investigation but declined to release further details to avoid compromising the ongoing diligence.
The municipal administration stated that it is cooperating fully with the police authorities and is concurrently revising its digital security protocols to prevent similar incidents in the future. At the time of the interview, the mayor had not confirmed whether the diverted funds could be recovered, emphasizing that the outcome would depend on the investigative process and any possible legal remedies. He stressed that the priority remained safeguarding public resources and restoring confidence in the municipality’s financial management. The statement concluded with an assurance that all available measures were being taken to address the breach and to strengthen the city’s cyber defenses.