SAT Hit by Cyber-Attack

Mexico’s Tax Administration Service (SAT) was victim of a cyber-attack on Wednesday, the institution reported. SAT says data is safe and no users’ information was lost. According to El Economista, SAT said that the security protocols it has in place to protect its data worked as planned.

This is the third cyber-attack on one of Mexico’s major public institutions in a week. Earlier this week, both Banxico and the National Commission for the Protection and Defense of Financial Services Users (CONDUSEF) were attacked.

Cyber security has become a greater concern in Mexico over the last few years and this week’s events are not isolated incidents. At the end of last year, national oil company PEMEX was hacked. Reuters reports that the hack forced the company to “shut down computers across Mexico, freezing systems such as payments, according to five employees and internal emails.” However, the company said in a statement that the hack had affected less than 5 percent of its system.

In 2018, SPEI – the Electronic Interbank Payment System used to move funds digitally between institutions and operated by Banxico – was hacked with a cost of MX$300 million (some US$13.28 million at today’s exchange rate) in what Banxico Governor Alejandro Díaz de León described as “irregular movements.” According to Excelsior, five financial institutions had been hit by the attacks. “Attackers sought to violate the institutions’ connections with SPEI, inserting fraudulent payment instructions from non-existent accounts, which affects the transactional accounts of SPEI participants,” the governor said at the time.

In 2018, 92 percent of Mexican companies were victim of at least one cyber-attack. Most were carried out through malware and 25 percent of those attacks came from within Mexico, El Universal reports.

Eduardo Rico, Engineering Director at Symantec Mexico, told El Universal in January last year that the country has a reactive rather than proactive approach to cyber security. “From our point of view, not enough is being done on the part of all players involved to prevent this. We usually think in terms of post-conflict prevention, meaning that it is not until after the attack that we worry about what we do.”

CEO of Symantec Mexico Adriana García added that Mexico had not yet implemented adequate security models to protect the assets of government and its citizens. “The new government will have to maintain continuity in terms of cyber security, which has become a critical issue since an attack could potentially paralyze government institutions,” warned García.