Cyberattack at Puerto Rico water authority under federal probe

Cyberattack at Puerto Rico water authority under federal probe The FBI and Cybersecurity and Infrastructure Security Agency have launched an investigation into a cyberattack against the Puerto Rico Aqueduct and Sewer Authority which was confirmed to have compromised the U.S. territory's water agency's customer and employee data but not its critical infrastructure, according to The Record, a news site by cybersecurity firm Recorded Future. Security protocols have been implemented following the attack, said PRASA Executive Director Nannette Martinez. While PRASA has not provided any specifics regarding the threat actor behind the intrusion due to the ongoing probe, the water authority has been claimed to be compromised by the Vice Society ransomware operation, which posted on Friday samples of stolen data, including driver's licenses and passports. Such an intrusion follows only weeks after the Environmental Protection Agency issued new rules urging cybersecurity evaluations in public water systems. "Including cybersecurity in PWS sanitary surveys, or equivalent alternate programs, is an essential tool to address vulnerabilities and mitigate consequences, which can reduce the risk of a successful cyberattack on a PWS and improve recovery if a cyber incident occurs," said EPA officials.