Water giant Veolia North America has confirmed it was hit by a ransomware attack, resulting in the loss of some personal data and the need to take part of its infrastructure system offline.
Worldwide, the Veolia group has almost 213,000 employees and reported €42.9 billion in revenue in 2022, providing drinking water to around 111 million people and other services to roughly 97 million.
The multinational environmental solutions company, which provides energy, waste, and water solutions to around 550 communities and 100 industrial facilities across the United States and Canada — issued a press release detailing the incident last week.
Veolia provided information on the cyber attack concentrated on its Municipal Water division. This prompted a rapid response from its IT and security staff, in partnership with law enforcement and other authorities, to investigate the strike.
The statement explained how the company’s targeted back-end systems and servers were taken offline until they could be restored safely, with a knock-on effect on online bill payment systems. Still, they stressed the systems are fully operational once again.
“Customers will not be penalized for late payments or charged interest on their bills due to this service interruption,” said Veolia.
Ongoing investigation
It has identified a limited number of individuals whose personal information was potentially impacted. The firm has pledged to contact those affected directly to provide assistance and additional information on the serious incident.
The study will be continued in partnership with a third-party forensics contractor to gather further information and work on preventative measures in the future.
Due to the nature of a ransomware attack, it is likely the perpetrators demanded some kind of ransom in return for the information. Still, no details have been provided on the identity of those believed to be involved, the attack’s source, or the hackers’ demands.