Veolia North America, a subsidiary of the global conglomerate Veolia, disclosed a ransomware attack that targeted its Municipal Water division and disrupted bill payment systems. The company promptly implemented defensive measures, temporarily taking affected systems offline to contain the breach. While customers experienced delays in using online bill payment systems, Veolia assured that payments made during the incident have been applied, and customers won’t face penalties for late payments. The attack has not affected Veolia’s water treatment operations or wastewater services, and the company is working with law enforcement and third-party experts to assess the extent of the impact on its operations and systems.
Veolia North America clarified that the ransomware incident was confined to internal back-end systems, with no evidence suggesting an impact on water or wastewater treatment operations. The company has restored the back-end systems that were taken offline, ensuring that customer payments will not be affected. Despite discovering a limited number of individuals whose personal information might have been impacted, Veolia is actively working with a third-party forensics firm to thoroughly assess the attack’s impact. The company serves approximately 550 communities, providing water and wastewater services, and emphasizes its commitment to resolving the situation without compromising customer interests.
In a broader context, this incident adds to a series of cyberattacks targeting critical water infrastructure globally. Southern Water in the UK recently faced a ransomware attack by the Black Basta gang, emphasizing the vulnerability of water utilities to such threats. The Veolia incident underscores the ongoing challenges in securing essential infrastructure against cyber threats, prompting increased collaboration between government agencies and private entities to enhance cybersecurity measures in the water sector.
