Puerto Rico officials say a Thanksgiving-week cyberattack on IT contractor Truenorth Corporation briefly disrupted systems at three major agencies but did not compromise citizen data, even as independent reporting describes a broader ransomware incident.
Truenorth Corporation, an IT services firm that runs key systems for multiple Puerto Rico government agencies, was the target of the attack, which rippled into the Department of Education, the Puerto Rico Health Insurance Administration (ASES) and the State Insurance Fund Corporation (CFSE), officials and local media said. Truenorth holds information-systems contracts with about 14 agencies, including the State Elections Commission, which authorities say was not affected.
According to technology outlet InDiario, citing a high-level cybersecurity source, the incident began on Tuesday, Nov. 25, when a ransomware attack was detected against Truenorth and quickly impacted systems used by CFSE, ASES and Education. The source told the outlet the intrusion started with compromised credentials for a privileged vendor account, a pattern seen in recent attacks on state and local governments.
The government did not acknowledge the incident publicly until a press conference at La Fortaleza on Tuesday, Dec. 2. Primera Hora reported that Secretary of the Governorship Francisco Domenech said teams had been working “from Thursday to Sunday” over the Thanksgiving holiday but that “it was not until today, Tuesday, that they made the incident public.”
In statements to El Nuevo Día, Metro and other outlets, Domenech stressed that the “hack” was directed at Truenorth rather than the government itself and that only three of the company’s public-sector clients were affected. He said security controls overseen by the Puerto Rico Innovation and Technology Service, or PRITS, “protected the data of the citizens,” that the attack did not prevent the agencies from operating and that there was no scenario in which databases were taken hostage for ransom.
Domenech described an incident in which some databases and systems were knocked offline but later restored from daily backups and “reinstalled,” and he said staff from PRITS and the three affected agencies worked through the holiday weekend to verify that no citizen information had been accessed. He repeatedly told reporters that services to the public “were not affected” and that the rapid response prevented the attack from spreading to other parts of the government network.
InDiario’s reporting, however, provides a more detailed and more disruptive picture. The outlet, again citing an unnamed cybersecurity source, says more than 150 Windows and Linux servers at CFSE may have been compromised, disrupting financial systems, service platforms for injured workers, public portals and internal tools. At ASES, roughly 30 servers were described as affected, impacting databases and communications that support Puerto Rico’s government health plan. Education reportedly saw about 11 servers go down, causing failures in daily-use platforms such as PowerSchool, time and attendance tools and other school-management systems.
Across the three agencies, the source told InDiario that availability of some systems was “partial or intermittent” rather than a total blackout and that PRITS was forced to activate its emergency cyber response, bringing in federal partners including the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to help contain and investigate the incident. The article warns of potential exfiltration of personally identifiable information and says agencies were in a phased stabilization and restoration process that could extend due to the number of compromised servers and platforms.
Officials have not publicly confirmed that ransomware was involved and have avoided the term, but they have acknowledged that attackers tried to disrupt databases and that protections prevented those systems from being encrypted and held for ransom. InDiario’s source explicitly calls the incident a ransomware attack, so references to ransomware in this story are based on that independent reporting, not on government statements.
Domenech said forensic analysis is underway to identify the vulnerabilities exploited “through the company” and to strengthen protections at the three agencies and across other Truenorth-connected systems. As of the latest public statements, the government maintains that citizen-facing services at Education, ASES and CFSE are operating normally and that there is no confirmed evidence that citizen data was stolen, though officials have said they will notify the public if forensics later show data exposure.
The Truenorth case follows another high-profile government cyber incident earlier in the year. In May, the Puerto Rico Department of Justice disclosed a cyberattack on the Criminal Justice Information System (SIJC-PR) that temporarily suspended online criminal record certificate services while PRITS investigated and restored the systems.
The incident lands amid an escalating cyber risk environment for Puerto Rico’s public sector. PRITS reported detecting and blocking hundreds of millions of attempted cyberattacks on government platforms in recent years. Law 40-2024, the territory’s new cybersecurity statute, created a chief cybersecurity officer role and formalized PRITS’ responsibility to investigate and publish statistics on cyber incidents across agencies, including those involving contractors. Puerto Rico has also dealt with previous attacks on its Senate and Treasury, underscoring the growing pressure on critical government services.
Puerto Rico, a U.S. territory whose central government relies on shared IT services and a small set of core vendors, has been positioning PRITS and a new Puerto Rico Cyber Force initiative as the front line for defending education, justice, health and labor systems against increasingly frequent cyberattacks.
_(cropped).jpg){kind=link}