2 months ago
13
American Water, the largest regulated water and wastewater utility company in the United States, has fessed up to a cybersecurity incident that forced the shutdown of its customer portal and prompted a temporary suspension of billing services.
The New Jersey company, which serves over 14 million people in 24 states and 18 military installations, said the hack did not negatively affect its water or wastewater facilities or operations and insists its water is safe to drink.
The company did not share technical details on the hack but the language in its public disclosure suggests American Water fell victim to a ransomware compromise.
American Water said it detected the breach on October 3 and immediately disconnected or deactivated certain systems. “We proactively took MyWater offline, which means we are pausing billing until further notice,” the company said, noting that a law enforcement investigation is underway.
“At this time, we currently believe that none of our water or wastewater facilities or operations have been negatively impacted by this incident. There will be no late charges or services shut off while MyWater remains unavailable,” American Water said.
The company said it activated third-party cybersecurity professionals to help with an investigation, which remains ongoing.
US water facilities have become a key target for cyber threat actors, prompting the government to take measures aimed at strengthening the sector’s resilience against cyberattacks.
Related: CISA Reiterates Warning on Simple ICS, Water Attacks
Related: Kansas Water Facility Switches to Manual Operations Following Cyberattack
Related: EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems
Advertisement. Scroll to continue reading.
Related: Rural Texas Towns Say Cyberattacks Caused Water System to Overflow