Cyberattack cripples Contagem city systems for 12 days; mayor files police report

Public services disrupted affecting citizens' access to municipal documentation and fiscal records for nearly two weeks.
The betting redirects served as noise, obscuring the real work happening in the background.
Attackers misdirected users to online betting sites while attempting to access municipal databases.

Hackers disabled Contagem's municipal systems for 12 days, with revenue services down for nearly 3 days and users redirected to online betting sites. Mayor suspects internal involvement and contracted specialized audits; no data breaches confirmed yet but investigation ongoing with Civil Police.

  • Cyberattacks struck Contagem from May 18-29, 2026
  • Revenue system inoperative for nearly 3 days; broader systems unstable for the full 12-day period
  • Users redirected to online betting sites during attacks
  • Mayor suspects possible internal involvement; contracted specialized audit

Contagem's municipal government suffered coordinated cyberattacks from May 18-29, disabling revenue systems and redirecting users to betting sites. Mayor filed police report and contracted audits to investigate potential internal involvement.

On May 18, the city of Contagem, nestled in the metropolitan region of Belo Horizonte, began experiencing a series of coordinated cyberattacks that would cripple its municipal systems for nearly two weeks. The assault intensified through the following week, reaching its most destructive phase between May 25 and 29, when servers and administrative infrastructure suffered repeated failures. By the time Mayor Ricardo Faria walked into the Specialized Cybercrime Investigation Unit on June 1 to file a formal police report, the damage was already measured in days of lost service and unanswered questions about who had breached the city's defenses.

The attackers employed a misdirection tactic that revealed something about their intentions. When residents tried to access municipal websites, they were redirected to online betting platforms—a digital sleight of hand that Faria believed was designed to obscure the attackers' true objective: gaining access to sensitive information stored in the city's databases. The betting site redirects served as noise, a way to distract from the real work happening in the background. Whether that strategy succeeded remained unclear as the investigation began.

The disruption hit essential services hard. The municipal revenue office went dark for nearly three days, unable to issue tax receipts or collection documents that residents and businesses depend on. The broader network and server infrastructure remained unstable throughout most of the assault period, creating cascading problems across departments. Faria acknowledged the scope of the damage during a press conference, describing the previous week as bringing "enormous harm to public administration, particularly to services offered to the population." It was a careful way of saying that ordinary people had been locked out of ordinary transactions.

What made the situation more unsettling was the uncertainty about the source. Faria could not rule out the possibility that the attack had come from inside the municipal government itself—that someone with legitimate access to the systems had weaponized that access. No employees had been suspended, but the possibility remained open. To investigate both external and internal angles, the city contracted a specialized audit firm to produce technical reports that could help police identify the perpetrators and measure the damage. The Civil Police took the lead on the criminal investigation.

As of early June, the city had found no evidence that citizen data had been stolen or exposed, though investigators cautioned that the possibility had not been eliminated. The systems had been restored and were functioning normally again. In response, the municipal administration strengthened its digital security protocols and defensive measures, attempting to close whatever door the attackers had used to enter.

Contagem's experience was not unique. Three years earlier, in June 2021, hackers had breached Belo Horizonte's digital inspection system, leaving messages criticizing then-Mayor Alexandre Kalil and temporarily paralyzing the work of city inspectors. That attack, too, had prompted a police report and assurances that no data had been lost. Both incidents fit into a broader pattern of cyberattacks against Brazilian public institutions during that period, targeting courts, government agencies, and municipal systems. The vulnerability appeared systemic, and the attacks appeared recurring.

The previous week brought enormous harm to public administration, particularly to services offered to the population.
— Mayor Ricardo Faria
A Conversa do Hearth Outra perspectiva sobre a história
Inventor

Why would attackers redirect people to betting sites if their real goal was accessing databases?

Model

It's a distraction. If you're trying to steal data quietly, you don't want people noticing something is wrong. The betting redirects create noise—users complain about being sent to the wrong place, IT staff focus on that problem, while the actual breach happens in the background.

Inventor

Do they think someone inside the city government did this?

Model

They can't rule it out. That's what makes it harder. An insider would know the systems, know where the valuable data lives, know when security is lightest. It's why the mayor brought in an outside audit firm—to look at both possibilities at once.

Inventor

If no data was stolen, does that mean the attack failed?

Model

Not necessarily. They might have been interrupted. Or they might have gotten what they wanted and covered their tracks well enough that nobody's found it yet. The investigation is still early.

Inventor

Is this a new problem for Brazilian cities?

Model

No. Belo Horizonte got hit three years ago. It's a pattern. Municipal governments have critical systems but often don't have the security budgets that banks or corporations do. They're softer targets.

Inventor

What happens now?

Model

The police investigate, the audit firm produces reports, and Contagem tries to patch its defenses. But until they know how the attackers got in, they're essentially guessing at what to fix.

Fale Conosco FAQ