Empresas Públicas de Medellín (EPM) reported that it is carrying out an investigation to establish the scope of a cybersecurity incident recorded in the contractor company SOLATI SAS, a situation that could have compromised information related to the organization’s portfolio processes.
The company explained that it was recently aware of the incident and that, from the first moment, it activated the internal monitoring, validation and risk management protocols to determine the possible consequences derived from the computer attack.
EPM specified that the incident did not occur directly in its technological infrastructure, but in a contractor company that provides services associated with some of its processes, which is why it began permanent coordination with that firm to evaluate the possible impacts.
The organization indicated that the current priority is to verify the exposed information and establish whether there are impacts on data linked to portfolio management.
Likewise, it indicated that it maintains constant monitoring while the technical procedures and corresponding verifications progress.
In the statement issued by the company, it was reported that the reviews carried out so far do not show a direct impact on EPM’s technological infrastructure.
According to the company, the platforms, applications and internal systems continue to operate normally and have not been compromised as a result of the incident reported by the contractor.
The entity highlighted that its specialized computer security teams carried out the corresponding validations to rule out violations within its technological ecosystem.
Likewise, it indicated that it continues to strengthen preventive monitoring efforts to identify any possible risk associated with the case.
The company insisted that the investigation is ongoing and that any developments will be communicated in a timely manner through its institutional channels.
The public alert came after information related to the case began to circulate in different digital spaces and social networks.
According to EPM, part of that information would have been disclosed by malicious actors who allegedly spread content associated with the security incident.
Given this situation, the company called on citizens to consult only official sources and avoid replicating information whose authenticity has not been verified.
The organization explained that during these types of events it is essential to resort to institutional communications to avoid the spread of rumors or inaccurate data that could cause confusion among users and clients.
In addition, it reiterated that any update related to the investigation will be published through its official information platforms.
EPM pointed out that these types of incidents show the importance of maintaining permanent protection mechanisms against increasingly sophisticated digital threats.
The company stated that it continues to strengthen its prevention, detection and response capabilities against possible cybersecurity risks, following standards and practices used internationally for the protection of information.
The organization highlighted that adequate management of technological risks has become a strategic priority to guarantee the continuity of services and the protection of data associated with its operations.
Although so far no specific details have been revealed about the nature of the information that could have been compromised or the magnitude of the possible data exposure, the company assured that it maintains permanent support for the contractor involved.
Technical verifications continue to be carried out with the aim of establishing precisely what information may have been affected and whether there is any impact on the processes associated with the organization’s portfolio.
The company reiterated that the analysis work is still in progress and that there is still no definitive balance on the scope of the incident.
While the investigations progress, EPM maintains its security and monitoring protocols active to determine any possible consequences derived from the cyberattack reported by the contractor company.
The entity indicated that it will continue to inform users, clients and citizens in general in a timely manner about any relevant developments related to the case.
For now, the main conclusion of the evaluations carried out indicates that EPM’s own systems remain operational and without direct effects, while the specialized teams advance in the detailed review of the incident and the potentially compromised information.
