Ransomware gang Qilin over the weekend took credit for an early September 2025 cyber attack on the Lakehaven Water & Sewer District in South King County, Washington.
On September 3, Lakehaven announced it was investigating a disruption on its network that disrupted its bill payment system.
On September 25, Qilin claimed responsibility for the attack on its data leak site. To prove its claim, Qilin posted samples images of what it says are internal documents stolen from Lakehaven.
Lakehaven Water & Sewer has not verified Qilin’s claim. We do not know if the district paid a ransom, how much Qilin demanded, what data was compromised, or how attackers breached Lakehaven’s network. Comparitech contacted Lakehaven for comment and will update this article if it replies.
“Our investigation into a disruption to our network is ongoing. As a result, our response times may be slightly delayed this week. We continue to work with cybersecurity professionals to understand what happened, what data was impacted, and restore impacted systems securely,” Lakehaven’s announcement says. “There is no disruption to your water or sewer services. While some of our bill payment processes are disrupted, we understand some customers are unable to make payment. We will not be turning off any customer’s services or assessing any penalties at this time due to any delays in payment.”
Who is Qilin?
Qilin is a ransomware gang that began taking credit for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin has claimed responsibility for 134 attacks in total, compromising 2.27 million records. The group has struck 28 government organizations and other public entities like Lakehaven, 19 of which Qilin attacked in 2025 to date.
This month, we confirmed Qilin attacks on:
- Orleans Parish Sheriff’s Office, LA
- Waxhaw, NC local government
- N.V. ELMAR (Aruba), a government-owned utility company
Qilin has made another 469 unconfirmed attack claims that haven’t been publicly acknowledged by the targeted organizations.
Ransomware attacks on US public services
In 2025 to date, Comparitech researchers have logged 63 confirmed ransomware attacks on US government entities and other public services like Lakehaven. Earlier this year, we recorded two other attacks on US public utilities:
- Massachusetts Municipal Wholesale Electric Company notified 510 people of a January 2025 data breach claimed by BlackSuit
- Greenville Electric Utility System reported an August 2025 ransomware attack by unknown attackers
We are also currently tracking a recent Qilin attack claim on Hoffman Estates Park District, which at time of writing says its computer systems are currently down. In addition, some phone extensions and emails have limited access.
Ransomware attacks on a public utility can both steal data and lock down computer systems. Attacks can disrupt service for customers, payment systems, customer service communications, and day-to-day business operations. Utilities must either pay a ransom or face extended downtime, permanent data loss, and putting customers at increased risk of fraud.
About Lakehaven Water & Sewer District
Lakehaven Water & Sewer District delivers water and sewer service to customers in Auburn, Des Moines, Federal Way, Kent, Milton, and Tacoma, Washington. Lakehaven serves about 112,000 people, according to its website.
