[BreachExchange] Cyber-Attack on US Water Company Causes Network Outage

[Destry Winant]

https://www.infosecurity-magazine.com/news/cyber-attack-on-greenvillewater/

A South Carolina water company is recovering from a cyber-attack that
took its phone and online payment systems offline for nearly a week.

The cyber-attack on Greenville Water triggered a payment system outage
that began on Wednesday, January 22. Company spokesperson Emerald
Clark said 500,000 customers were affected by the incident.

An investigation has been launched into the cyber-attack, the exact
nature of which is yet to be revealed by Greenville Water. It's not
yet known who targeted the water company or from where the attack was
launched.

Greenville Water CEO David Bereskin said he was "fairly certain" that
the utility's data had not been compromised as a result of the
incident.

"We have been preparing for potential attacks for years and put
specific protections in place to ensure the safety of our data and the
integrity of our water," said Bereskin.

According to Clark, the cybersecurity incident has had little effect
on data security. She said: "We have no reason to believe that any
confidential information maintained on our systems have been accessed
without authorization."

Clark added that Greenville Water does not store customers' credit card data.

According to a statement released to the media on Friday, experts
"have taken immediate and appropriate action to reinforce existing
security measures and to mitigate the potential impact, as well as
determining its origin."

In the statement, Clark said that the incident "has not and will not
impact or compromise the safety and delivery of water that is treated
and maintained by our facilities."

When asked for comment on the cyber-attack by the Greenville News,
Greenville County government affairs coordinator Bob Mihalic stated
only that "Greenville County uses multiple methods of protecting data,
hardware, and infrastructure from potential cyber-attacks."

Greenville Water's online payment system was back up and running on
Monday afternoon, and its phone payment system was restored the
following day. Greenville Water has assured customers that payments
received late as a result of the attack will not lead to fines or the
shutting off of their water supply.

"Our customer experience has been fully restored," states Greenville
Water on its website. "We are continuing our investigation and will
share additional details as they become available."