WSSC Water is investigating a ransomware attack on May 24 that impacted a portion of our network that operates non-essential business systems. The ransomware virus was successfully removed within hours and WSSC Water is fully operational. The incident does not impact water or wastewater service or quality, and those systems were never at risk. Existing cybersecurity safeguards and swift action taken by WSSC Water’s IT department helped minimize the impact of this attack. WSSC Water has not and will not pay or support the criminals behind this cyberattack.
“WSSC Water continues to produce and deliver safe, clean water to 1.8 million customers in Montgomery and Prince George’s counties and at no time was the quality or reliability of our drinking water in jeopardy,” said WSSC Water Police and Homeland Security Director David McDonough.
The systems that operate WSSC Water’s filtration and wastewater treatment plants are, by design, stand-alone networks not connected to the Internet. WSSC Water restored files from back-ups and there was no significant impact on business operations. WSSC Water maintains a partnership with the Department of Homeland Security and is regularly testing its security protocols. WSSC Water will continue to investigate this incident and take steps to protect the integrity of its systems and data.
“These attacks have become more common, especially in recent weeks, and WSSC Water has prepared for this type of event,” added McDonough.
A comprehensive investigation is underway. WSSC Water has notified the FBI, Maryland Attorney General and state and local homeland security officials and will cooperate with any investigation. WSSC Water’s own investigation is expected to take several weeks before all the facts are known.
While the virus was not successful, it appears the ransomware criminals did gain access to internal files. As the investigation continues, WSSC Water will notify in writing any individuals whose personal identifying information was exposed. Those individuals will be offered five years of credit monitoring with $1,000,000 in identity theft insurance at no cost to them. All individuals are encouraged to remain vigilant and closely examine their financial statements and report anything suspicious to their bank or card issuer. Individuals can also access identitytheft.gov to report any suspicious activity and to learn how to freeze their credit.
If you received a letter from WSSC Water regarding the May 24 cyberattack and would like to sign up for the five (5) years of credit monitoring with $1,000,000 in identity theft insurance at no cost to you, please call
(855) 797-1270, weekdays from 9 a.m. to 11 p.m. and weekends from 11 a.m. to 8 p.m. Please note you will need information on your letter to enroll.
- What happened? When did you discover this?
On May 24, 2021, our IT department discovered a virus beginning to infect non-essential business systems. The virus was successfully halted and removed within hours. WSSC Water is fully operational, and the incident did not impact water or wastewater service or quality. The impacted business systems were restored to full operation within days. As we have continued to investigate this matter, it appears that files on our network were accessed by an unauthorized individual, including files containing your information.
- Is it safe to drink the water?
Yes. The incident did not impact WSSC Water’s ability to produce and deliver safe, clean drinking water, and those critical operations were never at risk.
- I received a letter from WSSC Water. What should I do?
If you received a letter from WSSC Water regarding the May 24 cyberattack and would like to sign up for the five (5) years of credit monitoring with $1,000,000 in identity theft insurance at no cost to you, please call (855) 797-1270, weekdays from 9 a.m. to 11 p.m. and weekends from 11 a.m. to 8 p.m. Please note you will need information from your letter to enroll. Please see the portion of the letter entitled: “Steps You Can Take to Protect Personal Information” for detailed instructions on how to enroll. Only customers that receive a letter from WSSC Water are eligible for this credit monitoring offer.
- I received two (2) letters, what do I do?
If you received two (2) letters addressed to the same person and wish to enroll in credit monitoring being offered, please use only one of the letters and follow the instructions given to enroll in credit monitoring using the activation code provided. If you need additional help, please call Experian at 855-797-1270.
- What if I am a minor and turn 18?
If you enrolled in the initial identity monitoring as a minor your parent will receive an email stating that the new adult cannot be monitored. At that time, you will need to call Experian at the number provided in the email and provide the engagement number so the call center agent can enroll you in “Identity”. The product does not include credit monitoring because it is unlikely you will have a credit file as a new adult but does offer continued dark web monitoring, insurance, and identity restoration.
- What information was involved?
If you received a letter from WSSC Water regarding this incident, it means your information may have been impacted by this event. The information impacted varied by individual and can be found in the notice letter you received. We have no indication at this time that your information was publicly disclosed or subject to actual or attempted misuse as a result of this incident; however, in an abundance of caution, we are providing this notification, and offering you five (5) years of credit monitoring with $1,000,000 in identity theft insurance at no cost to you. If you did not receive a letter, your information was not impacted.
- What is WSSC WATER doing now?
We are offering every potentially impacted individual the ability to receive five (5) years of credit monitoring with $1,000,000 in identity theft insurance at no cost. Upon learning of this incident, WSSC Water moved quickly to secure our systems and to conduct a comprehensive investigation, as well as to report this incident to the FBI and Maryland Attorney General and state and local homeland security officials. As part of our ongoing commitment to the privacy of personal information in our care, and to help defend against future attacks, we are reviewing our policies, procedures, and processes related to storage of and access to personal information. This investigation and response includes confirming the security of WSSC Water’s systems, reviewing the contents of relevant data for sensitive information, and notifying impacted individuals associated with that sensitive information. We also will cooperate with any investigation by law enforcement.
- Why did it take so long to notify me?
WSSC Water takes the security of personal information seriously. Individuals were notified as soon as WSSC Water completed its extensive investigation to determine their identities and the nature of their information that was potentially affected. As soon as we learned of this incident, we immediately took steps to isolate affected systems and implement measures to prevent additional systems from being affected, including taking systems offline as a precaution. As part of our comprehensive response, we launched an investigation to determine the nature and scope of the incident. We then focused on determining what data containing personal information may have been accessed or exposed so that we could provide the written notification you received, together with five (5) years of credit monitoring with $1,000,000 in identity theft insurance at no cost to you.
- What else can I do to protect my information?
If you received a letter from WSSC Water regarding the May 24 cyberattack, we encourage you to enroll to receive the five (5) years of complimentary credit monitoring and identity theft protection services being provided by WSSC Water. WSSC Water will cover the cost of this service.
We also encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements and monitor your free credit reports for suspicious activity and to detect errors. Here’s additional steps you can take:
Closely examine your financial statements and report anything suspicious to their bank or card issuer. Individuals can also access identitytheft.gov to report any suspicious activity and to learn how to freeze their credit.
- Should I pay my water/sewer bill this month?
You can be confident paying your WSSC Water bill as you normally do.
- Is my water/sewer bill going to go up as a result of this?
No. Your WSSC Water bill is determined by your consumption of water.
WSSC Water Investigating Ransomware Cyberattack