One of world’s largest water utility companies hit by ransomware attack — incident seems to have limited impact

Unnamed threat actor also thought to have stolen sensitive Veolia North America data

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A department in Veolia North America, a transnational company offering water, energy and waste recycling management services, suffered aransomwareattack which resulted in the theft of some personal data, and forced the company to take parts of its infrastructure offline.

In a press release published on the Veolia website, the company confirmed its Municipal Water division suffered an incident that forced the firm to take the targeted back-end systems and servers offline until they could be restored.

“As a result, some customers experienced delays when using our online bill payment systems,” the releasestates.

Operations not affected

Since then, the systems have been restored, and any payments made during the attack have been applied. “Customers will not be penalized for late payments or charged interest on their bills due to this service interruption,” Veolia added.

Veolia North America provides water and wastewater services to some 550 communities. It also services industrial water for some 100 industrial facilities, treating more than 8 billion liters of water and wastewater every day. Still, the company says this attack didn’t affect its operations.

Some personal data may have been stolen, though. “Those individuals who may have been impacted by this incident will be contacted directly by Veolia and provided additional information and assistance,” the company said in the announcement. There was no elaboration on who the impacted individuals are, or what type of data was taken. Given that this was a ransomware attack, it’s likely that the threat actors demanded ransom in exchange for the information. At this point there is no information on who the attackers are, what their demands are, or what the deadline is.

Relevant authorities and law enforcement agencies have been notified of the attack, and external forensics teams were brought in to assist with the aftermath of the attack.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption