On February 9, 2024, Veolia North America (“Veolia”) reported a data breach to the Attorney General of Montana following a recent ransomware attack targeting the company. The breach led to unauthorized access to consumers’ sensitive information, including names, Social Security numbers, financial details, payment card numbers, dates of birth, government identifications, and driver’s license numbers. Veolia initiated data breach notification procedures after completing its investigation.
According to Veolia’s filing, suspicious activity within its computer network was detected on January 9, 2024. Subsequently, the company secured its systems and engaged third-party forensics specialists to investigate the incident, while also notifying law enforcement.
The investigation revealed that an unauthorized party gained access to Veolia’s IT network through a ransomware attack targeting “multiple back-end systems.” Consequently, certain files containing confidential consumer information were accessed or acquired by the unauthorized party.
Following the discovery of the breach, Veolia reviewed compromised files to identify impacted individuals and the leaked information. The compromised data may include names, Social Security numbers, financial information, payment card numbers, dates of birth, government identifications, and driver’s license numbers.
On February 9, 2024, Veolia began sending out data breach notification letters to affected individuals, providing details on the compromised information specific to each recipient.
Veolia North America is the North American division of Veolia Group, a French utility and energy company. Operating numerous sites, plants, and facilities across the U.S., Veolia provides residential water services in select areas of New York, Pennsylvania, New Jersey, Rhode Island, Idaho, and Delaware. With over 10,000 employees, Veolia generates approximately $3 billion in annual revenue.