Veolia North America’s Municipal Water division has been affected by a cyberattack.
Veolia announced on January 19 that a ransomware attack affected some of the division’s software applications and systems. The company stated that some individuals’ “personal information was potentially impacted.”
Veolia told WaterWorld that it was unable to provide more information about the personal information impacted at this time. Cyberattacks bring a risk of leaking sensitive personal information to attackers, such as social security numbers.
In response to the ransomware incident, Veolia also shared that it had taken back-end systems and servers offline until they could be restored. This led to disruptions to its online bill payment systems, temporarily affecting customers’ ability to pay water bills.
Veolia serves more than 200 communities across America, operating as both a regulated utility and a contract operator of water and wastewater systems.
What is ransomware?
A ransomware attack is a type of cyberattack that uses malware to block the victim’s valuable data through encryption. The attacker can then demand a ransom for the data to be unlocked. It is a popular form of cyberattack and is a prominent threat facing public-serving institutions like water utilities or schools.
A precaution to take against ransomware attacks is to frequently make difficult-to-access backups of key data. If the backup survives the attack, it allows the victim to restore their encrypted data without paying the ransom.
The Cybersecurity and Infrastructure Agency (CISA) has many resources to help organizations prevent and respond to ransomware attacks at https://www.cisa.gov/stopransomware.
On Jan. 18, also published a cyber incident response guide specifically for water and wastewater systems. Developed in collaboration with the U.S EPA, the guide provides best practices for cyber incident response, as well as information about federal agencies’ response lifecycles.