American Water reported a cyberattack impacting its computer networks and pausing some services.
American Water Works Company, Inc., the largest regulated water and wastewater utility in the United States, has disclosed that it was the target of a cyberattack.
The New Jersey-based utility, which serves over 14 million people across 14 states and 18 military installations, detected the unauthorized activity on Oct. 3, according to an Oct. 7 regulatory filing and a security-related note on the company’s website.
Stacy Mitchell, executive vice president and general counsel at American Water, wrote in the filing that the company discovered that unknown parties had unlawfully breached the company’s computer networks and systems, prompting the utility to shut down some of its systems, launch an investigation, and contact law enforcement.
Mitchell said that American Water does not believe that the cyberattack negatively impacted any of its wastewater or drinking water systems.
“Although the Company is currently unable to predict the full impact of this incident, the Company does not expect the incident will have a material effect on the Company, or its financial condition or results of operations,” Mitchell wrote in the filing.
The utility’s online customer portal, MyWater, has been temporarily taken offline to protect sensitive data, according to a security-related notice issued by the company. Customers will not incur late fees or face service disruptions while the portal remains down, and the company’s call center is operating with limited functionality. Drinking water remains safe to drink.
“We are working diligently to bring the disconnected systems back online safely and securely,” the notice reads. “Investigations of this nature take time, and we will share information when and as appropriate.”
The attack against American Water happened amid heightened cybersecurity concerns in the water sector.
Several months ago, the U.S. Environmental Protection Agency (EPA) issued an enforcement alert warning of an increasing number of cyberattacks against community water systems. The agency cautioned that such incidents could allow cyber intruders to manipulate operational technology, potentially leading to dangerous consequences, such as the disruption of water treatment processes or the alteration of chemical levels to “hazardous amounts.”
By Tom Ozimek