Cyberattack downs PF and PRF systems, deletes officer debt records

Police operations compromised affecting law enforcement capacity; driver records deletion impacts public safety database integrity.
Significant portions of the database had been erased.
Police officials initially denied the breach caused data loss, but sources revealed the true scope of the attack.

Em dezembro de 2021, hackers atingiram os sistemas internos da Polícia Federal e da Polícia Rodoviária Federal do Brasil, apagando registros sensíveis e paralisando infraestruturas críticas num momento em que outras instituições governamentais também sofriam ataques semelhantes. O que distinguiu essa invasão foi a precisão cirúrgica dos alvos escolhidos: dívidas de servidores com o governo federal e registros de condutores — dados que sustentam tanto a integridade institucional quanto a segurança pública. Como tantos momentos de ruptura tecnológica, o incidente revelou não apenas uma falha técnica, mas uma vulnerabilidade mais profunda na relação entre o Estado e a confiança que os cidadãos depositam em suas instituições.

  • Em 10 de dezembro, ransomware derrubou simultaneamente dois servidores distintos da PF e da PRF, maximizando o alcance da destruição e sugerindo operadores com conhecimento preciso dos sistemas atacados.
  • Registros de dívidas de policiais com o governo federal foram permanentemente apagados, levantando suspeitas imediatas de que o ataque não foi aleatório — alguém sabia exatamente o que destruir.
  • A exclusão de dados de condutores abriu uma lacuna perigosa nas bases que sustentam operações diárias de fiscalização e segurança nas estradas brasileiras.
  • Autoridades inicialmente negaram o comprometimento dos dados, mas fontes próximas à investigação contrariaram a versão oficial, expondo a opacidade institucional diante da crise.
  • Os sistemas permaneceram offline dias após o ataque, com técnicos trabalhando na restauração enquanto a pergunta central permanecia sem resposta: os backups existiam e estavam íntegros?
  • O episódio se encaixou num padrão alarmante — a mesma semana registrou ataques ao Ministério da Saúde e outras agências, sinalizando pressão coordenada ou uma janela de vulnerabilidade sendo explorada por múltiplos agentes.

No dia 10 de dezembro, hackers invadiram os sistemas da Polícia Federal e da Polícia Rodoviária Federal, derrubando infraestruturas críticas e apagando registros sensíveis. O ataque fazia parte de uma onda mais ampla que já havia atingido o Ministério da Saúde, onde dados de vacinação foram destruídos. Mas a invasão às polícias tinha uma característica perturbadora: os criminosos escolheram com precisão o que deletar — registros de dívidas de servidores com o governo federal e informações sobre condutores armazenadas nos bancos de dados institucionais.

Os sistemas foram desligados e assim permaneceram. Autoridades inicialmente minimizaram o comprometimento dos dados, mas fontes próximas à investigação revelaram o contrário: parcelas significativas das bases haviam sido apagadas. A expectativa de retomada ainda naquele dia logo cedeu lugar à incerteza sobre o que poderia ser recuperado a partir de backups — se é que eles existiam e estavam íntegros.

O ransomware utilizado agiu sobre duas redes de servidores distintas simultaneamente, ampliando o escopo do dano. A precisão do ataque levantou questões sobre o nível de conhecimento prévio que os invasores tinham dos sistemas policiais. A exclusão dos registros de dívidas de servidores foi especialmente intrigante: alguém havia identificado e destruído obrigações financeiras de policiais com o Estado — um alvo específico demais para ser acidental.

A perda dos registros de condutores agravou o problema. Esses dados são fundamentais para operações cotidianas de fiscalização e segurança viária. Sem eles, as polícias operavam às cegas em funções essenciais ao público. Dias após o ataque, a recuperação ainda era incerta, e o silêncio dos sistemas expunha uma verdade difícil: a infraestrutura digital do Estado brasileiro estava vulnerável, e quando falha, as consequências se espalham por toda a sociedade que dela depende.

On December 10th, hackers breached the internal systems of Brazil's Federal Police and Highway Police, taking down critical infrastructure and erasing sensitive records in the process. The attack was part of a broader wave of cyberattacks that had already struck other government agencies, including the Health Ministry, where vaccination data was wiped. But what made the police breach particularly damaging was what the attackers chose to delete: records of officers carrying active debts to the federal government, along with driver information stored in the departments' databases.

The systems went dark and stayed that way. By the time news outlets began reporting on the incident, the damage was already done. Officials initially suggested the data had not been compromised, but sources close to the investigation told reporters otherwise. Significant portions of the database had been erased. The expectation at the time was that systems might come back online by that afternoon, though no one could say with certainty whether what had been lost could be recovered from backups.

The attackers appear to have used ransomware—a type of malicious software that locks down or destroys data across multiple server networks simultaneously. In this case, the criminals had targeted two separate server networks within the police infrastructure, maximizing the scope of what they could access and delete. The precision of the attack suggested either detailed prior knowledge of the police systems or the work of sophisticated operators who knew exactly where to look.

What made this breach particularly troubling was not just the technical disruption but the specific nature of what vanished. The deletion of debt records for officers raised immediate questions about whether the attack was random or targeted. Someone had gone to the trouble of identifying and erasing financial obligations owed by police personnel to the state. The loss of driver records compounded the problem—those databases are foundational to law enforcement operations and public safety infrastructure. Without them, the police lost access to critical information they rely on daily.

The broader context mattered too. This was not an isolated incident. The same week saw attacks on multiple government agencies, suggesting either a coordinated campaign or a window of vulnerability that multiple threat actors were exploiting simultaneously. The Health Ministry's experience with vaccination data deletion showed that critical government infrastructure was under sustained pressure. The police breach fit into a pattern of escalating attacks on the institutions Brazilians depend on.

Days after the initial breach, uncertainty still hung over recovery efforts. The systems remained offline. Technicians were working to restore operations, but the fundamental question remained unanswered: could the deleted data be retrieved? If backups existed and were uncorrupted, there was hope. If not, the loss would be permanent. For the officers whose debt records were erased, the implications were unclear. For the public, the deletion of driver records meant a gap in a database that law enforcement and traffic authorities use to keep roads safe and enforce regulations.

The incident exposed a hard truth about government cybersecurity in Brazil: critical systems were vulnerable to attack, and when breaches occurred, the consequences rippled outward in ways that affected both the institutions themselves and the people who depended on them. The police could not fully function without their systems. The public could not be served by law enforcement operating in the dark.

Officials claimed data was not affected, but significant information was clearly deleted. Systems were expected to return online, but recovery of lost data remained uncertain.
— Source familiar with the investigation, speaking to R7
A Conversa do Hearth Outra perspectiva sobre a história
Inventor

Why would attackers specifically target police debt records? That seems oddly precise for a ransomware operation.

Model

That's the question everyone was asking. It could be coincidence—they hit everything and those records just happened to be there. Or it could mean someone with knowledge of the system knew exactly what they wanted gone. Either way, it suggests the attack wasn't random noise.

Inventor

And the driver records—those seem like they'd be harder to replace than financial data.

Model

Much harder. Those are operational records. Police use them constantly. Losing them doesn't just delete information; it breaks the machinery of law enforcement itself. You can't run traffic stops or investigations the same way without access to who's licensed to drive.

Inventor

Was this part of a larger campaign against the government?

Model

It happened the same week as the Health Ministry attack. The vaccination database got hit too. So either multiple groups were exploiting the same vulnerability at the same time, or this was coordinated. Either way, it showed the government's defenses were porous.

Inventor

Could they recover the data?

Model

That was the uncertainty. If backups existed and hadn't been corrupted, yes. If not, it was gone. And no one seemed to know for certain which it was.

Inventor

What does that mean for the officers whose debts disappeared?

Model

That's the strange part. Their obligations to the state were erased from the system. Whether that meant they were actually forgiven or just lost in the chaos—that would take time to sort out.

Quer a matéria completa? Leia o original em Brasil 247 ↗
Fale Conosco FAQ