A water utility that serves two million people in North Texas is dealing with a cybersecurity incident that has caused operational problems. With more than 850 employees, North Texas Municipal Water District (NTMWD) provides wholesale water, wastewater and solid waste services to more than 13 cities in the state, including Plano and Frisco. Alex Johnson, director of communications for NTMWD, told Recorded Future News that they recently discovered a cyber attack that hit their business computer network.
“Most of our business network has been restored. Our core water, sewer and solid waste services to our member cities and customers have not been affected by this incident, and we continue to provide these services as usual,” Johnson said. “This incident has also affected our telephone system and we hope to have it back up this week. NTMWD has engaged third-party forensic experts who are actively investigating the extent of any unauthorized activity. An investigation is currently underway, which includes reviewing any potentially affected county data.”
The incident comes a day after a cyber attack on the Pennsylvania Water Authority reportedly prompted workers to shut down equipment and use backup tools to maintain water pressure. Johnson added that law enforcement had been notified of the incident, but did not respond to requests for comment on whether NTMWD was dealing with ransomware.
A cybercriminal group known as the Daixin Team said it was behind the attack, adding NTMWD to its list of victims on Monday and claiming to have stolen more than 33,000 files containing customer information. NTMWD initially alerted customers that its phone lines were down on November 12. That warning is still on the organization’s website.
The Daixin Team ransomware group emerged in June 2022 and in September 2022 caused significant damage to Oakbend Medical Center, a hospital in Richmond, Texas. The hospital spent weeks recovering after its phone lines and patient records systems were knocked out by the attack. There were also attacks on Fitzgibbon Hospital in Missouri and the German company Ista International.
Ransomware groups have targeted water utilities as critical infrastructure organizations that are likely to pay exorbitant ransoms to restore service. U.S. law enforcement agencies said ransomware gangs hit five U.S. water and wastewater utilities between 2019 and 2021, and the numbers did not include three other high-profile cyberattacks on water utilities. Richard Caralli, senior cybersecurity advisor at Axio, told Recorded Future News that municipal water is an underrated attack target.
“This has several challenges: limited cybersecurity budgets and personnel, heavy reliance on third parties, and one of the most direct vectors for large-scale impacts to life, safety and health,” he said.
Earlier this year, the U.S. Environmental Protection Agency (EPA) sought to help improve cybersecurity protections at water utilities, but abandoned those efforts after lawsuits from Republican lawmakers and the powerful industry groups AWWA and NRWA.