top of page
  • Writer's pictureThe San Juan Daily Star

Authorities investigating cyberattack on water authority that compromised client, employee data

Puerto Rico Aqueduct and Sewer Authority Executive President Doriel Pagán Crespo

By The Star Staff

The Puerto Rico Aqueduct and Sewer Authority (PRASA), the Office of Innovation and Technology Services (PRITS), and the FBI in San Juan are actively working to solve a cyberattack carried out against the water authority last week, PRASA Executive President Doriel Pagán Crespo and PRITS Executive Director Nannette Martínez Ortiz announced Sunday.

“Last week, there was a computer security incident, specifically [a] cybersecurity [breach] against the authority’s platforms,” Pagán Crespo said. “Since the incident was detected, we have been working with the relevant authorities, the FBI and CISA [the federal Cybersecurity and Infrastructure Security Agency], specifically. Likewise, PRASA immediately activated its security protocols.”

So far, and as part of the investigation’s findings, officials confirmed that customer and employee information was compromised. However, the attack did not impact critical infrastructure due to the segmentation of the PRASA networks, they said.

Martínez Ortiz established that “as part of the sound governmental administration established by this government, we have agreements with the FBI where they are integrated immediately, and we share information in addition to receiving input on the protocols and the analysis of the evidence.”

The criminal organization responsible for the attack has already been identified at the national level.

“But unfortunately it is an aspect that we continue to handle globally due to how we handle information,” the PRITS executive director said. “At the moment, we are continuing to analyze the possible impact, the attack vector and its scope to issue a more detailed communication to the affected users.”

“Because this is an ongoing investigation, we cannot comment further,” Pagán Crespo said. “However, we assure all our clients that the services offered by the authority are still functional, and we continue working to provide quality and efficient service.”

“We encourage all of our customers to access their accounts and change their passwords regularly on the PRASA platform and all platforms with accounts,” she added.

The officials invited all citizens to visit the page to avoid becoming a cyberattack victim.

“As the investigation progresses and we can give more detailed information, impact and next steps, we will be sharing up-to-date information,” PRASA said in a press release.

185 views0 comments


bottom of page