Among North Texas’ largest water suppliers is latest victim of cyberattack

Nov. 29, 2023
The attack, recently detected by district officials, comes as numerous North Texas entities have faced similar breaches

The North Texas Municipal Water District, which supplies water to sprawling Collin County suburbs, is the latest target of a ransomware attack.

A district official stressed the breach has not disrupted service to more than 2 million customers who receive drinking water, as well as wastewater and stormwater management, nor is there indication that it will.

The attack, recently detected by district officials, comes as numerous North Texas entities have faced similar breaches and just one month after Dallas County fell victim to a cyberattack.

Ransomware group Daixin Team claimed responsibility for the attack on the dark web and said it obtained names, dates of birth, medical record numbers and Social Security numbers from the district. According to screenshots posted on social media by cybersecurity experts, the group said it stole 33,844 files and threatened to release data soon.

In a statement, the water district said it has notified law enforcement and hired forensic specialists to investigate the extent of the attack. Spokesperson Alex Johnson said most of the access to its network has been restored, but its phone system remains down.

“Our core water, wastewater, and solid waste services to our member cities and customers have not been impacted by this incident, and we continue to provide those services as usual,” Johnson said.

The water district provides drinking water to people in about a dozen Dallas suburbs, including Allen, Forney, Frisco, Garland, McKinney, Mesquite, Plano, Richardson and Wylie.

Federal authorities say Daixin started in 2022, predominantly targeting U.S. companies specializing in health care. The group uses several methods to gain access to networks, including phishing emails to access VPN credentials and by exploiting vulnerabilities in VPN servers. Water district officials did not divulge how the group accessed its system.

Last month, ransomware group Play said it hacked into Dallas County’s network and posted some of the stolen information on the dark web.

In the spring, hackers with Royal Ransomware stole more than 800,000 files from the city of Dallas, which provided access to the personal information of more than 26,000 people. The same group claimed responsibility for an attack on Dallas Central Appraisal District on Election Day 2022, freezing employees’ access to computers, emails and the district website. The tax appraisal district paid $170,000 to the ransomware group.

In Fort Worth, hackers gained access in June of this year to data from a city website. Some 80 local government agencies in the U.S. have been targeted by ransomware attacks this year, according to cybersecurity firm Emisoft, which helps recover data stolen from breaches.

The water district said it will “update our Member Cities, Customers, and other stakeholders with additional information about the incident, as appropriate.”

©2023 The Dallas Morning News. Visit dallasnews.com.

Distributed by Tribune Content Agency, LLC.