


Major US, UK Water Companies Hit by Ransomware

Two major water companies, Veolia in the US and Southern Water in the UK, have been targeted in ransomware attacks that resulted in data breaches.


Two major water companies, Veolia North America in the United States and Southern Water in the United Kingdom, have been targeted in ransomware attacks that resulted in data breaches.

Veolia describes itself as the world’s largest private player in the water sector, providing water and wastewater services to tens of millions of people. 

In a notice posted on its website, Veolia North America revealed that its Municipal Water division was hit by ransomware last week. In response to the incident, the company took down the targeted backend systems and servers, which disrupted online bill payment systems.

“This incident seems to have been confined to our internal back-end systems at Veolia North America, and there is no evidence to suggest it affected our water or wastewater treatment operations,” Veolia said.

The water company has also determined that the personal information of “a limited number of individuals” may have been compromised. Affected people will be notified by the firm.

No known ransomware group appears to have taken credit for the attack on Veolia.

Across the pond, a ransomware group targeted Southern Water, which provides water services to 2.5 million customers and wastewater services to 4.7 million customers in the South of England.

A statement issued by the company on Tuesday confirmed that suspicious activity was detected on its systems and an investigation has been launched. 


The statement came after the Black Basta ransomware group listed Southern Water on its leak website, claiming to have stolen 750 Gb of files, including ones containing personal information and corporate documents. The hackers posted several screenshots showing that they obtained identification document scans (passports and driver’s licenses) and other documents containing personal information. 

The cybercriminals are threatening to make the stolen data public in five days if Southern Water refuses to pay a ransom.

The water utility is investigating the claims, but has currently found no evidence that customer relationship or financial systems have been impacted. “Our services are not impacted and are operating normally,” it said.

The water sector in the West has been increasingly targeted by malicious cyber actors. Hackers believed to be affiliated with the Iranian government last year targeted industrial control systems (ICS) at multiple water facilities in the United States.

In Ireland, a cyberattack targeting the systems of a small utility caused significant disruption, leaving people without water for two days.   

Related: US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

Related: States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities

Related: CISA Offering Free Vulnerability Scanning Service to Water Utilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

