US Virgin Islands Water and Power Authority

The US Virgin Islands Water and Power Authority, also known as VIWAPA, is the utility organization responsible for providing water and electricity services to the residents and businesses of the United States Virgin Islands. Operating as the primary provider in the territory, it manages the generation, transmission, and distribution of these essential utilities across the islands. The authority's services are critical to the daily functioning of the territory's communities, economy, and infrastructure. Its customer base includes residential, commercial, and industrial users within the USVI. The organization maintains the infrastructure necessary for water supply and power generation. As a key entity in the region, its operations impact nearly every aspect of life in the US Virgin Islands. The authority's role encompasses both the delivery of utilities and the associated billing and customer service functions. Its existence ensures that the territory has a dedicated entity overseeing water and power, which are fundamental to public health and economic activity. The provision of these services places VIWAPA at the center of the territory's public utility sector.

In recent years, VIWAPA has experienced significant cybersecurity incidents that impacted its operations and customers. In October 2019, a data breach occurred through the authority's Click2Gov payment portal, resulting in unauthorized transactions on customer credit and debit cards. This incident involved a previously unidentified vulnerability in the payment system, which was later patched by the software provider, Central Square Technologies. Earlier in June 2019, the authority suffered a business email compromise attack that led to an unauthorized transfer of $2.3 million to an unknown account. Following these events, VIWAPA reported the incidents to federal authorities, including the FBI, and implemented staff training to help identify suspicious communications. The breaches highlighted vulnerabilities in the authority's digital payment processes and email security. They also underscored the broader threat landscape facing public utility entities. The occurrence of multiple breaches within a short period indicated ongoing security challenges for the authority. In the territory, local officials acknowledged collaborating with the Department of Homeland Security to enhance monitoring of public-facing cyber systems, though no additional budgetary allocations were designated for these improvements at the time.