A water
supplier in Greenville, North Carolina has suffered a targeted cyber-attack that
affected online payments for half a million a people. The outage is expected to
last at least two more days as experts investigate the hack.
Greenville
Water, which serves nearly 500,000 residents of the Upstate region of South
Carolina, announced last week it was experiencing technical difficulties and
asked customers to be patient as it worked to recover from “an international
cyberattack.”
Utility
spokesperson Emerald Clark said online and pay-by-phone systems are not working,
and that the outage would likely last until the next week.
“It has
not and will not impact or compromise the safety and delivery of water that is
treated and maintained by our facilities,” Clark said.
The
spokesperson said the cyberattack was being investigated and experts “have
taken immediate and appropriate action to reinforce existing security measures
and to mitigate the potential impact, as well as determining its origin.”
“We have
been preparing for potential attacks for years and put specific protections in
place to ensure the safety of our data and the integrity of our water,” said Greenville
Water CEO David Bereskin. “While this has caused a temporary disruption, we are
fairly certain that our data has not been compromised.”
Greenville
Water has shared details of the attack with other government agencies, local
news outlet Greenville News reported.
According to
the home page of Greenville Water’s website (screenshot below), the issues
currently experienced by the supplier do not impact the safety of water treated
and maintained by its facilities.

The supplier
also urges clients not to call or email them with payment details, likely
trying to keep customers safe from hackers intercepting their data and using it
to conduct fraud.
Instead,
customers are told to visit the Greenville Water office, where cashiers are
available during normal business hours and accepting cash and check payments.
Greenville
Water doesn’t say how it determined the attack was targeted, or whether the
attackers deployed malware on its systems. The details are consistent with a
typical ransomware attack, but it remains to be confirmed if this is indeed so.