Cyberattacks on Puerto Rico government offices have been recurrent
SAN JUAN — During the last four years there have been at least five occasions in which Puerto Rico government agencies have been the victims of cyberattacks—most of which occurred during the first months of the year—that have cost millions of dollars in public funds.
The most recent cyberattack, made public on Thursday, involved a $1.5 million transaction by the Puerto Rico Tourism Co. Reportedly, however, the commonwealth Police Department’s Special Investigation Bureau is looking into several complaints from different public agencies.
The Puerto Rico Industrial Development Co. (Pridco) revealed Wednesday that a $2.61 million transaction was made after receiving an email from an alleged hacker. In January, the Puerto Rico Government Employees Retirement System denounced another fraudulent transaction involving hackers that compromised $63,000 in public funds.
But these cyberattacks are not new. In August 2018 then General Services Administration chief Ottmar Chávez Piñero reported that the agency’s Single Registry of Bidders online platform had suffered a cyberattack. In March 2018 the government admitted to being the victim of two cyberattacks in less than 24 hours that blocked public officials’ access to the information systems of both the Puerto Rico Electric Power Authority (Prepa) and the Environmental Quality Board (EQB).
Moreover, in March 2017, the commonwealth Treasury Department’s system was affected for several days and the government coffers ceased receiving millions of dollars in tax revenue. At the time, then-Chief Information Officer Luis Arocho confirmed to the Center for Investigative Journalism that a lack of an adequate cybersecurity policy was responsible for the cyberattacks of these systems.
At the time, the government hired the Washington-based firm CompSec Direct to study the problem and prepare for future attacks. However, the security project to prevent cyberattacks on the government’s interagency network was halted in 2016.
Caribbean Business left requests for comment Thursday for Government Innovation & Technology Office Director Glorimar Ripoll.
Resident Commissioner Reacts
Resident Commissioner Jenniffer González Colón said Thursday she was surprised by the government’s transfer of millions of dollars to fraudulent accounts and added that the situation “casts a terrible shadow” on how things are done in Puerto Rico
“When I read the news I initially could not believe it. I thought it was someone’s joke, that in this day and age, the government of Puerto Rico makes transfers of $2.6 million simply because it receives an email,” she told reporters after the inauguration of the new local FBI office. “This calls for in immediate internal investigation, not only to recover the money, but to determine if there were protocols, if they were followed or not. And if that is the protocol, then it must be changed.”
González acknowledged that the incident is a “big cloud” that affects the commonwealth’s credibility when requesting federal funding.
“I would like to say it does not, but a transfer of that magnitude raises a terrible shadow over the processes in Puerto Rico,” she said.
Puerto Rico Police said that a complaint was filed Wednesday at 3:07 p.m. by the Pridco finance director alleging that more than $2 million in remittances were sent to a fraudulent account. In the complaint, Rubén Rivera López alleged that a stranger sent an email to the agency informing of the supposed change of the account for payment of remittances.
The police report states that on Jan. 17, a payment in the amount of $2,609,495.67 was made to the aforementioned account, which turned out to be fraudulent overseas account. The payment reportedly was supposed to be made to the commonwealth retirement system as part of the monthly pay-as-you-go (PayGo) remittances.
New Progressive Party Rep. Félix Lassalle Toro, chairman of the House Public Security Committee, introduced Wednesday a resolution to investigate the alleged electronic fraud at Pridco and at the government retirement system. The lawmaker, who represents District 16 encompassing the municipalities of San Sebastián, Las Marías and Isabela, said the committee will summon to an executive hearing network security engineers, agency public security officials and technology company executives to delineate strategies to prevent the hacking of government systems.
“We will be conducting a deep investigation of what just happened at Pridco and Retirement to not only assign responsibility to those who failed, but also ensure that this does not happen again,” the lawmaker said in a statement. “The people have a right to know, in a transparent way, all that has occurred in this case.”
The secretary of the Puerto Rico Economic Development & Commerce Department, Manuel Laboy, announced Thursday that he would hold a press conference Friday morning to address questions concerning the Pridco transaction.
Cybernews contributed to this report.