HQ/EMEAFind out how we can help your business
PRASA (Puerto Rico Aqueduct and Sewer Authority) is investigating a cybercriminal campaign that impacted its system last week. The agency immediately deployed its incident response protocol after confirming the breach.
Based on reports, the threat actors successfully infiltrated the customer and employee data of the entity. Hence, the agency said it would disseminate notification messages to the impacted customers and employees.
Fortunately, the operations at the agency’s critical infrastructure in Puerto Rico did not suffer any compromise.
PRASA coordinates with the FBI and CISA to address the situation.
A representative of PRASA stated that they had detected the cybersecurity incident and contacted relevant authorities to help them with the investigation.
The agency has yet to disclose the name of the attackers despite confirming the cyberattack. However, the Vice Society ransomware group claimed the attack and listed the agency on its Tor leak website.
Unfortunately, the notorious ransomware group publicly posted the affected individuals’ passports, driver’s licenses, and other documents during the PRASA attack.
On the other hand, the agency’s executive president only stated that the culprit of the attack was a criminal organisation that high-level authorities had already recognised.
The executive president apologised to everyone since they could not yet reveal more details about the attack because of the ongoing investigation. The agency has assured its clients that its services are still valid and will continue to provide adequate service.
Customers are urged to alter their passwords to prevent further compromise.
This incident has proven the importance of the US administration’s mandatory cybersecurity audits of public water systems since it is a critical infrastructure that could affect numerous individuals.
Furthermore, threat actors will likely target these agencies as they could leverage their importance and earn profit immediately.
A recent audit showed that the water sector lacks proper defences and operational technology on their water systems. In numerous incidents, the attack became successful since most did not have substantial cybersecurity practices and only relied on voluntary measures.
