Security incidents increased by 6% last year, compared to 2024, to 87, with the blackout on April 28 being one of them, as it affected the resilience of networks, the National Communications Authority (Anatel) announced this Thursday, 16th.
“The year 2025 was marked by the incident that occurred on April 28, called blackout, and, globally, the trend observed in 2024 continued, of a slight increase in the total number of security incidents notified to Anacom by companies, in a total of 87 incidents, five more than in the previous year”, says the regulator.
Failure to supply goods or services by third parties, such as power cuts, “and accidents or natural phenomena were the origin of most notifications received by the Notification Reporting Center (CRN) in 2025”, says Anacom.
“Together with the malicious attack, in second place, and with the maintenance or failure of ‘hardware’ or ‘software’, in third place, these causes represent almost all of the reported security incidents (98%), namely due to power failures, cuts in fiber optic cables, system/equipment breakdowns and scheduled service interruptions for maintenance work”, continues the regulator, in the statement.
In 10 years, between 2015 and 2025, “incidents attributable to causes associated with factors external to the sector had a preponderance of more than 77%”.
The regulator also highlighted that there was “a greater number of incidents reported to Anacom in the 1st and 2nd quarters of 2025, with the 2nd quarter being the one in which the highest number of notifications was recorded”.
However, compared to previous years, “a more uniform distribution of security incidents is observed throughout the year”.
Most security incidents “simultaneously impacted more than one publicly accessible electronic communications service.”
Fixed telephone and fixed Internet services “were the most affected, with 59% of total security incidents, followed by subscription TV services (46%)”.
In 2025, the total duration of the impact was 2,412 hours, compared to 2,570 hours a year earlier.
At the same time, there was “a significant increase in the total number of affected subscribers/accesses, from 1.9 million to 14.6 million, a figure that is essentially due to the blackout”.
As for the average duration of impact per incident, there was a drop last year compared to 2024, “going from 57 to around 37 hours”.
Of the 87 security incidents, “5 were national in scope, while the others had a significant impact on networks and services in districts in mainland Portugal”.
Anacom Security Regulation No. 303/2019, published on April 1, 2019, establishes in paragraph 1 of article 23 that electronic communications companies must inform the public in the event of major impact incidents.
Regarding the 87 incidents recorded in 2025, information was provided to the public in 21 cases.
Leave a Reply