PREPA
| Primary URL | Location | Industry | www[.]prepa[.]pr[.]gov |
Country
Puerto Rico
|
Utilities
|
|---|
Profile
Puerto Rico’s power utility, PREPA, serves as the primary electricity provider for the territory, responsible for the generation, transmission, and distribution of electrical power across the island. The organization operates within the critical infrastructure sector, managing the grid that supports residential, commercial, and public services for Puerto Rico’s population. In April 2018, PREPA experienced a significant cybersecurity incident involving unauthorized financial transactions, which prompted an investigation by the Federal Bureau of Investigation. The breach was contained without compromising sensitive customer data or disrupting the continuous delivery of electrical service to consumers. This event underscored the persistent threat of cyberattacks targeting essential utility systems, even when operational continuity is maintained. The incident’s initial assessment indicated no immediate risk to consumer information or grid functionality, though the full scope remained under review by authorities and the utility’s security teams.
Following the attack, PREPA actively collaborated with federal law enforcement and external cybersecurity professionals to mitigate the incident and conduct a thorough forensic analysis. This partnership was instrumental in understanding the attack vector and preventing further unauthorized access. The utility subsequently implemented measures to strengthen its system defenses, addressing vulnerabilities exposed during the event. The 2018 cyberattack highlighted the evolving security challenges faced by critical infrastructure providers, demonstrating that financial systems within utility networks can be targeted independently of operational control systems. PREPA’s response emphasized the importance of coordinated incident response protocols between public utilities and government agencies. The situation served as a case study in managing cyber threats that test financial and operational resilience without causing widespread service outages, reinforcing the need for continuous security enhancements in the energy sector.