Major Water Companies in US, UK Hit by Ransomware Attack

Two major water companies, Veolia North America in the United States and Southern Water in the United Kingdom, have fallen victim to ransomware attacks, resulting in data breaches.

Veolia North America, self-described as the world's largest private player in the water sector, disclosed on its website that its Municipal Water division was hit by ransomware last week. In response, the company took down the targeted backend systems and servers, causing disruptions in online bill payment systems.

Veolia reassured the public that the incident appeared to be confined to their internal systems and had no evidence of impacting water or wastewater treatment operations. However, the personal information of a limited number of individuals may have been compromised, and the affected parties will be notified accordingly. As of now, no ransomware group has claimed responsibility for the attack on Veolia.

Data compromised & investigations initiated

On the other side of the Atlantic, Southern Water, a major water service provider in the UK, faced a similar ordeal. The Black Basta ransomware group targeted Southern Water and claimed to have stolen 750 GB of files, including personal information and corporate documents. The group threatened to make the data public unless a ransom is paid within five days.

Southern Water, in response, confirmed suspicious activity on its systems and initiated an investigation. The hackers posted screenshots indicating the acquisition of identification document scans, such as passports and driver's licenses.

Cybersecurity is Imperative for Safeguarding Critical Infrastructure

Despite the potential data breach, Southern Water asserted that its customer relationship and financial systems have not been impacted, and its services are operating normally. The company is currently investigating the claims made by the ransomware group.

This incident adds to the growing trend of cyber threats targeting the water sector in Western countries. In the past, hackers believed to be linked to the Iranian government targeted industrial control systems at multiple water facilities in the United States. Additionally, an incident in Ireland involved a cyberattack on a small utility, causing significant disruption and leaving people without water for two days. The water industry's vulnerability to cyber threats underscores the importance of robust cybersecurity measures to safeguard critical infrastructure and protect sensitive data.