American Water, the largest water and wastewater utility company in the United States, has recently become a target of a cyberattack. Because of this attack, the company has temporarily stopped billing its customers.1
Based in Camden, American Water provides essential services to around 14 million people across 14 states and also serves 18 military installations.
Here are the details of the incident, which stirs unease about water safety and shows the increasing threat of cybercrime to essential services.
American Water Pauses Billing As It Responds To Cyberattack
Recently, American Water discovered unauthorized activity in its computer network. After investigating, they confirmed it was a Cybersecurity breach. The company informed law enforcement and hired third-party experts to help address the situation. To ensure safety, they shut down their customer portal, MyWater.
As a precaution, they have halted all billing processes while they work to resolve the issue and ensure the security of their systems.
If you are a customer of American Water, you may not receive your usual bill during this time, so don’t worry if you notice any changes in your billing statement. The company is prioritizing the safety of its operations and customer data.
In an October 3, 2024 filing to the Securities and Exchange Commission, American Water believed that none of its facilities or services were harmed by the attack. Right after discovering the incident, they acted swiftly to contain the breach, and investigated what happened and how much damage was done. At this time, the company has not disclosed who may be responsible for the attack.
Urgent Call For Cybersecurity In Critical Infrastructures
Founded in 1886, American Water has a long history of providing essential drinking water and wastewater services to more than 14 million people. The company also manages over 500 individual water and wastewater systems in around 1,700 communities, including areas in New Jersey, Illinois, California, and Pennsylvania.
As cybercrime targeting water systems rises, the Environmental Protection Agency (EPA) has issued warnings about the state of security in many water systems.
According to the EPA, 70% of the water systems it inspected do not fully meet the requirements of the Safe Drinking Water Act. Many systems have serious Cybersecurity vulnerabilities, such as outdated default passwords, weak single login setups, and former employees still having access to systems.
While American Water has been around for over 130 years and is the only water utility company listed on the Dow Jones Utility Average, the recent attack shows that even established companies are not immune to Cybersecurity threats.
Hacks targeting U.S. water infrastructure have been on the rise, with some attacks believed to be linked to geopolitical rivals of the U.S., including countries like Iran, Russia, and China. At this time, it is still unclear who is responsible for the Cyberattack on American Water.
FAQ
Has American Water Works Been Hacked?
Yes, American Water Works has been hacked. They recently experienced a cyberattack that caused them to stop billing customers. The company is working to mitigate and contain the breach, and ensure the security of their systems. They are also cooperating with law enforcement and cybersecurity experts to investigate the attack.
Are US Water Systems Being Attacked?
Yes, U.S. water systems are being attacked more often. Cyberattacks on these systems are increasing, putting important services at risk. This has raised concerns about the safety and security of water supplies across the country, prompting officials to take action to improve protection against these threats.
Why Are Water Systems Being Hacked?
Water systems are being hacked because they are critical infrastructure that many people rely on. Attackers see these systems as valuable targets to disrupt services or steal information. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) encourages better reporting of cyber incidents. The 2Secure team understands these regulations and compliance to help protect organizations against these threats.
Source:
- SHIPKOWSKI, B. (2024, October 7). American Water, the largest water utility in US, is targeted by a cyberattack. AP News. https://apnews.com/article/american-water-cyberattack-36423062dbce05c9aa70ef8aa07810cb
