Puerto Rico vendor cyberattack hits three agencies
Officials say systems were restored and no data was stolen, as independent reporting points to ransomware and partial outages.

Puerto Rico officials say a Thanksgiving-week cyberattack on IT contractor Truenorth Corporation briefly disrupted systems at three major agencies but did not compromise citizen data, even as independent reporting describes a broader ransomware incident.

Truenorth Corporation, an IT services firm that runs key systems for multiple Puerto Rico government agencies, was the target of the attack, which rippled into the Department of Education, the Puerto Rico Health Insurance Administration (ASES) and the State Insurance Fund Corporation (CFSE), officials and local media said. Truenorth holds information-systems contracts with about 14 agencies, including the State Elections Commission, which authorities say was not affected.

According to technology outlet InDiario, citing a high-level cybersecurity source, the incident began on Tuesday, Nov. 25, when a ransomware attack was detected against Truenorth and quickly impacted systems used by CFSE, ASES and Education. The source told the outlet the intrusion started with compromised credentials for a privileged vendor account, a pattern seen in recent attacks on state and local governments.

The government did not acknowledge the incident publicly until a press conference at La Fortaleza on Tuesday, Dec. 2. Primera Hora reported that Secretary of the Governorship Francisco Domenech said teams had been working from Thursday to Sunday over the Thanksgiving holiday, but that it was not until today, Tuesday, that they made the incident public.

In statements to El Nuevo Día, Metro and other outlets, Domenech stressed that the hack was directed at Truenorth rather than the government itself, and that only three of the company's public-sector clients were affected. He said security controls overseen by the Puerto Rico Innovation and Technology Service, or PRITS, protected the data of the citizens, that the attack did not prevent the agencies from operating, and that there was no scenario in which databases were taken hostage for ransom.

Domenech described an incident in which some databases and systems were knocked offline but later restored from daily backups and reinstalled, and he said staff from PRITS and the three affected agencies worked through the holiday weekend to verify that no citizen information had been accessed. He repeatedly told reporters that services to the public were not affected and that the rapid response prevented the attack from spreading to other parts of the government network.

InDiario's reporting, however, provides a more detailed and more disruptive picture. The outlet, again citing an unnamed cybersecurity source, says more than 150 Windows and Linux servers at CFSE may have been compromised, disrupting financial systems, service platforms for injured workers, public portals and internal tools. At ASES, roughly 30 servers were described as affected, impacting databases and communications that support Puerto Rico's government health plan. Education reportedly saw about 11 servers go down, causing failures in daily-use platforms such as PowerSchool, time and attendance tools, and other school-management systems.

Across the three agencies, the source told InDiario that availability of some systems was partial or intermittent rather than a total blackout, and that PRITS was forced to activate its emergency cyber response, bringing in federal partners including the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to help contain and investigate the incident. The article warns of potential exfiltration of personally identifiable information and says agencies were in a phased stabilization and restoration process that could extend due to the number of compromised servers and platforms.

Officials have not publicly confirmed that ransomware was involved and have avoided the term, but they have acknowledged that attackers tried to disrupt databases and that protections prevented those systems from being encrypted and held for ransom. InDiario's source explicitly calls the incident a ransomware attack, so references to ransomware in this story are based on that independent reporting, not on government statements.

Domenech said forensic analysis is underway to identify the vulnerabilities exploited through the company and to strengthen protections at the three agencies and across other Truenorth-connected systems. As of the latest public statements, the government maintains that citizen-facing services at Education, ASES and CFSE are operating normally and that there is no confirmed evidence that citizen data was stolen, though officials have said they will notify the public if forensics later show data exposure.

The Truenorth case follows another high-profile government cyber incident earlier in the year. In May, the Puerto Rico Department of Justice disclosed a cyberattack on the Criminal Justice Information System (SIJCPR) that temporarily suspended online criminal record certificate services while PRITS investigated and restored the systems.

The incident lands amid an escalating cyber risk environment for Puerto Rico's public sector. PRITS reported detecting and blocking hundreds of millions of attempted cyberattacks on government platforms in recent years. Law 40-2024, the territory's new cybersecurity statute, created a chief cybersecurity officer role and formalized PRITS' responsibility to investigate and publish statistics on cyber incidents across agencies, including those involving contractors. Puerto Rico has also dealt with previous attacks on its Senate and Treasury, underscoring the growing pressure on critical government services.

Puerto Rico, a U.S. territory whose central government relies on shared IT services and a small set of core vendors, has been positioning PRITS and a new Puerto Rico Cyber Force initiative as the front line for defending education, justice, health and labor systems against increasingly frequent cyberattacks.