An investigation is currently underway into a ransomware attack at the Cucamonga Valley Water District that took down a computer system earlier this month and prevented customers from making payments by phone.

The Aug. 15 cybersecurity incident was resolved on Monday, Aug. 26, allowing CVWD to resume accepting payments by phone, district spokesman Eric Grubb said in an email.

The CVWD’s water utilities and customer database, which are on separate networks from the phone system, were not affected. The district serves 190,000 customers in a 47-square-mile area that includes about 49,000 water connections in Rancho Cucamonga, Upland, Fontana and Ontario.

The water district informed federal authorities that the ransomware attack caused a “network disruption,” but did not identify the hackers or disclose whether a ransom was paid.

“Our team is working diligently to determine the extent of the incident,” the water district said in a statement. Customers will be notified if it is determined that their personal information has been compromised.

The incident marks at least the second time that Cucamonga Valley Water District systems involving customer payments have fallen victim to hackers.

In 2019, a server that processed one-time credit card transactions for the utility company was hacked. While investigators did not immediately find conclusive evidence of the data theft, it is possible that some payment data was stolen.

In March, the federal government warned state governors that foreign hackers were launching attacks on water systems across the United States.

Specifically, hackers linked to the Iranian government’s Islamic Revolutionary Guard Corps have carried out malicious cyberattacks on critical infrastructure facilities, including drinking water systems, the head of the US Environmental Protection Agency, Michael S. Regan, and National Security Advisor Jake Sullivan said in a letter.

IRGC hackers targeted a common operating technology in water plants and disabled it because they forgot to change the manufacturer’s default password.

In addition, Volt Typhoon, a cyber organization sponsored by the People’s Republic of China, has compromised the information technology systems of several drinking water companies.

“Drinking water and wastewater systems are an attractive target for cyberattacks because they represent a vital critical infrastructure sector, but they often lack the resources and technical capacity to implement rigorous cybersecurity practices,” the letter said.

Elsewhere in the Inland Empire, San Bernardino County admitted in May that it and its insurer had paid a $1.1 million ransom to a hacker who uploaded malware to the sheriff’s computer system. While the cyberattack did not threaten public safety, it required officials to rely on other law enforcement agencies to check criminal records.

Originally published: August 27, 2024 at 3:42 pm