IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Large Texas Water Utility Hit With Ransomware Attack

The North Texas Municipal Water District, which supplies water to sprawling Collin County suburbs, is the latest target of a ransomware attack. The breach has not disrupted service to the more than 2 million customers in the area.

US-NEWS-ONE-NORTH-TEXAS-LARGEST-WATER-1-DA.jpg
Pictured is an aerial view of a Plano water tower on Windhaven Parkway near Parkwood Boulevard and Spring Creek Parkway in Plano.
Smiley N. Pool/TNS
(TNS) — The North Texas Municipal Water District, which supplies water to sprawling Collin County suburbs, is the latest target of a ransomware attack.

A district official stressed the breach has not disrupted service to more than 2 million customers who receive drinking water, as well as wastewater and stormwater management, nor is there indication that it will.

The attack, recently detected by district officials, comes as numerous North Texas entities have faced similar breaches and just one month after Dallas County fell victim to a cyberattack.

Ransomware group Daixin Team claimed responsibility for the attack on the dark web and said it obtained names, dates of birth, medical record numbers and Social Security numbers from the district. According to screenshots posted on social media by cybersecurity experts, the group said it stole 33,844 files and threatened to release data soon.

In a statement, the water district said it has notified law enforcement and hired forensic specialists to investigate the extent of the attack. Spokesperson Alex Johnson said most of the access to its network has been restored, but its phone system remains down.

“Our core water, wastewater, and solid waste services to our member cities and customers have not been impacted by this incident, and we continue to provide those services as usual,” Johnson said.

The water district provides drinking water to people in about a dozen Dallas suburbs, including Allen, Forney, Frisco, Garland, McKinney, Mesquite, Plano, Richardson and Wylie.

Federal authorities say Daixin started in 2022, predominantly targeting U.S. companies specializing in health care. The groupuses several methods to gain access to networks, including phishing emails to access VPN credentials and by exploiting vulnerabilities in VPN servers. Water district officials did not divulge how the group accessed its system.

Last month, ransomware group Play said it hacked into Dallas County’s network and posted some of the stolen information on the dark web.

In the spring, hackers with Royal Ransomware stolemore than 800,000 files from the city of Dallas, which provided access to personal information of more than 26,000 people. The same group claimed responsibility for an attack on Dallas Central Appraisal District on Election Day 2022, freezing employees’ access to computers, emails and the district website. The tax appraisal district paid $170,000 to the ransomware group.

In Fort Worth, hackers gained access in June of this year to data from a city website. Some 80 local government agencies in the U.S. have been targeted by ransomware attacks this year, according to cybersecurity firm Emisoft, which helps recover data stolen from breaches.

The water district said it will “update our Member Cities, Customers, and other stakeholders with additional information about the incident, as appropriate.”

©2023 The Dallas Morning News, Distributed by Tribune Content Agency, LLC.