
Cyber Incident Victim: Costa Rican Social Security Fund

Date: Apr 2022

Location: Costa Rica

Summary

The Caja Costarricense de Seguro Social suffered a cyberattack targeting its Human Resources portal, rendering it inaccessible to both employees and the public. This incident formed part of a broader campaign by the Conti ransomware group against multiple Costa Rican government institutions, including the Ministry of Public Education, national meteorological services, and finance ministry platforms. The Russian-linked hackers demanded a $10 million ransom from the government to halt their systematic attacks, which compromised sensitive taxpayer information and disrupted critical digital services across affected agencies. Technical teams conducted analyses to assess the impact while taking systems offline for investigation.


Description

On or around April 10, 2022, during the Domingo Santo holiday period, the Caja Costarricense de Seguro Social (CCSS) experienced a cyberattack targeting its Human Resources portal. The attack was part of a broader campaign by the Russian-linked hacker group Conti against Costa Rican government institutions. The HR portal, accessible at https://rrhh.ccss.sa.cr/, became completely inaccessible to both CCSS personnel and external users following the breach. This outage prevented all online HR functions and necessitated immediate intervention by the institution’s IT department. CCSS technical experts took the system offline to conduct a forensic analysis and assess the scope of damage caused by the intrusion. The incident marked the fourth major attack by Conti within days, following breaches at the Ministry of Finance, the National Meteorological Institute, and state telecom provider Racsa.

Conti claimed responsibility for the coordinated attacks and escalated its ransom demand to $10 million from the Costa Rican government, threatening further disruptions if unpaid. The CCSS breach specifically impacted the HR portal’s availability; no evidence of data exfiltration or compromised employee records was initially disclosed. The institutional response focused on containment through system isolation while investigators evaluated technical impacts. The attack paralleled intrusions at other agencies, including the Ministry of Public Education’s Integra 2 platform and the Ministry of Finance’s ATV and Tica systems, indicating sustained targeting of critical government infrastructure. Conti asserted it possessed one terabyte of stolen taxpayer data from the Finance Ministry, amplifying pressure on national authorities during the multi-agency crisis.
