One of world's largest water utility companies hit by ransomware attack — incident seems to have limited impact

News
By Sead Fadilpašić
published

Unnamed threat actor also thought to have stolen sensitive Veolia North America data

Ransomware
Image credit: Shutterstock (Image credit: Shutterstock)

A department in Veolia North America, a transnational company offering water, energy and waste recycling management services, suffered a ransomware attack which resulted in the theft of some personal data, and forced the company to take parts of its infrastructure offline.

In a press release published on the Veolia website, the company confirmed its Municipal Water division suffered an incident that forced the firm to take the targeted back-end systems and servers offline until they could be restored. 

“As a result, some customers experienced delays when using our online bill payment systems,” the release states.

Operations not affected

Since then, the systems have been restored, and any payments made during the attack have been applied. “Customers will not be penalized for late payments or charged interest on their bills due to this service interruption,” Veolia added.

Veolia North America provides water and wastewater services to some 550 communities. It also services industrial water for some 100 industrial facilities, treating more than 8 billion liters of water and wastewater every day. Still, the company says this attack didn’t affect its operations. 

Some personal data may have been stolen, though. “Those individuals who may have been impacted by this incident will be contacted directly by Veolia and provided additional information and assistance,” the company said in the announcement. There was no elaboration on who the impacted individuals are, or what type of data was taken. Given that this was a ransomware attack, it’s likely that the threat actors demanded ransom in exchange for the information. At this point there is no information on who the attackers are, what their demands are, or what the deadline is. 

Relevant authorities and law enforcement agencies have been notified of the attack, and external forensics teams were brought in to assist with the aftermath of the attack.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.