Water facility operator says ransomware attack affected North America division

One of the world’s biggest operators of water and wastewater systems dealt with a ransomware attack last week that affected its operations in North America.

Veolia is an international firm that specializes in creating water, waste and energy management systems. The company reports about $5 billion in yearly sales in the United States and operates 8,500 water and wastewater facilities around the world, as well as in all 50 U.S. states.

The company said its North America Municipal Water division has been dealing with a ransomware attack that affected some software applications and systems.

“Our IT and Security Incident Response Teams were quickly mobilized, and we are actively cooperating with law enforcement and other third parties to investigate and address this incident,” the company explained in a statement.

“In response to this incident, we implemented defensive measures, including taking the targeted back-end systems and servers offline until they could be restored. As a result, some customers experienced delays when using our online bill payment systems. Those systems are working normally again. Any payments made during this event have been applied, and customer accounts should reflect the most updated information.”

Customers will not be penalized for late payments or charged interest on their bills as a result of the service interruption, they noted, adding that the incident appears to have only affected their “internal back-end systems at Veolia North America.”

It did not affect water or wastewater treatment operations but several people did have their personal information stolen by the hackers.

The company did not respond to requests for comment about the ransomware group behind the attack and no group has come forward to claim credit.

The attack came the same week as a trio of federal agencies in the U.S. published guidance for the water and sanitation sector on cyber incident response as well as the roles, resources and responsibilities for each federal agency involved in cybersecurity.

The water sector has been under the spotlight since hackers allegedly tied to the Iranian government began attacking water systems using technology made by Israeli companies.