In May 2025, the Integral Port Administration of Baja California Sur (API-BCS) suffered a cyberattack targeting its digital information systems. While the incident did not result in financial losses or theft of public resources, it caused temporary restricted access to digital data, disrupting operational workflows. Despite the breach, all fiscal year 2024 records remained secure in physical and accounting backups, ensuring no permanent data loss. Recovery efforts are ongoing, and API-BCS has formally requested a 30-day extension from the State Congress to meet financial reporting deadlines. The agency emphasized transparency and accountability, pledging regular updates to the public and regulatory bodies. The attack primarily affected system availability without compromising sensitive or financial data, though it necessitated administrative adjustments to maintain compliance.
Source: https://www.bcs.gob.mx/sin-afectaciones-economicas-ante-el-incidente-cibernetico-api-bcs/
TPRM report: https://www.rankiteo.com/company/apibcs
"id": "api507092125",
"linkid": "apibcs",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Transportation/Port Administration',
'location': 'Baja California Sur, Mexico',
'name': 'Integral Port Administration of Baja '
'California Sur (API-BCS)',
'type': 'Government Agency'}],
'date_detected': '2025-05',
'date_publicly_disclosed': '2025-05',
'description': 'The Integral Port Administration of Baja California Sur '
'(API-BCS) confirmed a cyberattack on its digital information '
'system in May 2025. The main impact was temporary restricted '
'access to digital data, though all fiscal year 2024 records '
'remain intact in physical and accounting backups. No '
'financial losses or public resource theft occurred. Data '
'recovery is ongoing, and API-BCS has formally requested a '
'30-day extension from the State Congress to ensure compliance '
'with financial reporting requirements.',
'impact': {'downtime': 'Ongoing (as of disclosure)',
'financial_loss': 'None reported',
'operational_impact': 'Temporary restricted access to digital '
'data; fiscal year 2024 records intact via '
'backups',
'systems_affected': ['Digital information system']},
'investigation_status': 'Ongoing (data recovery in progress)',
'regulatory_compliance': {'regulatory_notifications': ['Request for 30-day '
'extension from State '
'Congress for '
'financial reporting']},
'response': {'communication_strategy': ['Public updates',
'Transparency and accountability '
'commitments to oversight bodies'],
'recovery_measures': ['Request for 30-day extension from State '
'Congress for financial reporting '
'compliance'],
'remediation_measures': ['Data recovery ongoing']},
'stakeholder_advisories': ['Commitment to transparency and accountability; '
'continued updates to public and oversight bodies'],
'title': 'Cyberattack on Integral Port Administration of Baja California Sur '
'(API-BCS)',
'type': 'Cyberattack'}