alert
WSSC WATER CUSTOMERS
1626976964

Late fees resume on June 1st. We are here to help.
Call us at 301-206-4001.

Water Service Turnoffs Resume
1626894664

Commercial/Government Accts. - August 1
Residential Accts. - September 13

close

WSSC Water is investigating a ransomware attack on May 24 that impacted a portion of our network that operates non-essential business systems. The ransomware virus was successfully removed within hours and WSSC Water is fully operational. The incident does not impact water or wastewater service or quality, and those systems were never at risk. Existing cybersecurity safeguards and swift action taken by WSSC Water’s IT department helped minimize the impact of this attack. WSSC Water has not and will not pay or support the criminals behind this cyberattack.  

“WSSC Water continues to produce and deliver safe, clean water to 1.8 million customers in Montgomery and Prince George’s counties and at no time was the quality or reliability of our drinking water in jeopardy,” said WSSC Water Police and Homeland Security Director David McDonough. 

The systems that operate WSSC Water’s filtration and wastewater treatment plants are, by design, stand-alone networks not connected to the Internet. WSSC Water restored files from back-ups and there was no significant impact on business operations. WSSC Water maintains a partnership with the Department of Homeland Security and is regularly testing its security protocols. WSSC Water will continue to investigate this incident and take steps to protect the integrity of its systems and data.

“These attacks have become more common, especially in recent weeks, and WSSC Water has prepared for this type of event,” added McDonough.

A comprehensive investigation is underway. WSSC Water has notified the FBI, Maryland Attorney General and state and local homeland security officials and will cooperate with any investigation. WSSC Water’s own investigation is expected to take several weeks before all the facts are known. 

While the virus was not successful, it appears the ransomware criminals did gain access to internal files. As the investigation continues, WSSC Water will notify in writing any individuals whose personal identifying information was exposed. Those individuals will be offered five years of credit monitoring with $1,000,000 in identity theft insurance at no cost to them. All individuals are encouraged to remain vigilant and closely examine their financial statements and report anything suspicious to their bank or card issuer. Individuals can also access identitytheft.gov to report any suspicious activity and to learn how to freeze their credit.

While the investigation is ongoing, if individuals have questions or would like more information, please call
1-833-406-2411 weekdays from 9 a.m. to 9 p.m.


Additional Information

  1. What happened? When did you discover this?
    WSSC Water experienced a ransomware attack that impacted a portion of its network that operates non-essential business systems. The attack was discovered on May 24 and the ransomware virus was successfully removed within hours. WSSC Water is fully operational. Existing cybersecurity safeguards and swift action taken by WSSC Water’s IT department helped minimize the impact of this attack.  

  2. Is it safe to drink the water?
    Yes. The incident did not impact WSSC Water’s ability to produce and deliver safe, clean drinking water, and those critical operations were never at risk.
     
  3. What information was potentially exposed?
    While the virus was not successful, it appears the ransomware criminals did gain access to internal files. As the investigation continues, WSSC Water will notify in writing any individuals whose personal identifying information was exposed. Those individuals will be offered five years of credit monitoring with $1,000,000 in identity theft insurance at no cost to them. 

    All individuals are encouraged to remain vigilant and closely examine their financial statements and report anything suspicious to their bank or card issuer. Individuals can also access identitytheft.gov to report any suspicious activity and to learn how to freeze their credit.
     
  4. Should I pay my water/sewer bill this month? Why aren’t you suspending all payments while your investigation is underway?
    You can be confident paying your WSSC Water bill as you normally do.
     
  5. Is my water/sewer bill going to go up as a result of this?
    No. Your WSSC Water bill is determined by your consumption of water.
     
  6. What should I do while you are investigating?
    All individuals are encouraged to remain vigilant and closely examine their financial statements and report anything suspicious to their bank or card issuer. Individuals can also access identitytheft.gov to report any suspicious activity and to learn how to freeze their credit.

    While the investigation is ongoing, if individuals have questions or would like more information, please call 1-833-406-2411 weekdays from 9 a.m. to 9 p.m.
     
  7. Why didn’t you say something sooner?
    Today was the soonest we were in position to provide our community with information, and most importantly, outline the steps we are implementing. We hope you appreciate we are being transparent about what we do not know. We continue to investigate this matter to learn the facts.

News Release

WSSC Water Investigating Ransomware Cyberattack

Last Modified: June 25, 2021, 2:30 pm EDT