Major Water Suppliers in the UK and US Targeted in Ransomware Attacks
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In two separate cybersecurity incidents, utility companies Southern Water in the UK and Veolia in the US reported suffering data breaches due to ransomware attacks.
Southern Water provides water services to 2.5 million customers and wastewater services to 4.5 million customers across Southern England.
On January 23, the company revealed in a statement that its data had been stolen and some of it published. “We are aware of a claim by cyber criminals that data has been stolen from some of our IT systems. We had previously detected suspicious activity, and had launched an investigation, led by independent cyber security specialists,” the notice read.
However, it emphasized that its customer relationships or financial systems had not been impacted, and its services were operating as normal.
The statement came soon after the notorious ransomware gang Black Basta published a sample of the stolen data on its Tor website. The gang claimed to have exfiltrated 750 GB of files from the company, including users’ personal information and corporate documents.
It has also set a ransom deadline of January 29 and threatened to publish the data unless its demands are met.
Meanwhile, Southern Water has launched an internal investigation and reported the incident to the relevant regulatory agency and the UK government. It also reassured its customers that if evidence was found of a data breach, the impacted employees and customers would be notified as per the company’s obligations.
On January 19, Veolia North America, a major player in the US water services market, revealed that “some software applications and systems in its Municipal Water division” were impacted by a ransomware attack. A few of its customers also experienced delays in paying bills, while some had their data accessed by hackers.
Nevertheless, the company stated that the incident was limited to its “internal back-end systems” and did not impact its water or wastewater treatment operations.
Both incidents show the growing cybersecurity threat to critical infrastructure companies across the world.
Credential Stuffing Attack Exposes Data of Jason’s Deli Customers
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
Popular US-based restaurant chain Jason’s Deli informed the customers registered with its online platform that their personal data might have been exposed in a data security incident.
According to the notification letter sent to customers and submitted to the Maine Attorney General’s Office, the incident was first discovered on December 21, 2023. The restaurant chain said that unknown hackers obtained credentials from data breach incidents unrelated to Jason’s Deli and used them to access its reward and online accounts.
“On December 21, 2023, we learned that an unauthorized party had obtained an unknown number of Deli Dollar and online account login credentials (usernames and passwords) most likely from other data breaches or other sources not involving Jason’s Deli,” the notice read.
According to the list submitted by the company, nearly 344,000 individuals were affected by this credential stuffing attack, and the personal information compromised may include:
- Name
- Address (all saved delivery addresses)
- Phone number
- Birthday
- Contact list
- House account number
- Deli Dollars points
- Truncated gift card/credit card numbers (last 4 digits)
Despite the type of information compromised, Jason’s believes that the attack can only be effective if the affected users have reused the same credentials across multiple online platforms, thus making their Deli accounts susceptible to online hacking.
Jason’s Deli also revealed that although the incident was discovered, it was unable to confirm the number of accounts affected. “We do not know the number of accounts that the unauthorized party was able to access, but out of an abundance of caution, we are sending this notice to all potentially affected account holders,” it confirmed in the notification.
In addition to bolstering its data security, the company will also be restoring the balances of impacted customers’ Deli Dollars accounts (wherever applicable). Customers are also advised to change their usernames and create complex passwords for Deli and other online accounts.
With more than 250 restaurants, Jason’s Deli is an American family-owned restaurant chain, employing over 6,000 employees across the US.