American Water, the largest regulated water and wastewater utility company in the U.S., recently announced that it was the target of a cybersecurity incident. The New Jersey-based company discovered unauthorized activity in their computer networks and systems on Thursday, leading them to determine that it was the result of a cyberattack. As a response, the company immediately activated its incident response protocols and sought assistance from third-party cybersecurity professionals to help contain, mitigate, and investigate the nature and scope of the incident. American Water also notified law enforcement and is cooperating fully with them during this process.
In response to the cybersecurity incident, American Water made the decision to take their customer portal service offline and suspend billing “until further notice.” The company assured customers that, as of now, they believe that none of their water or wastewater facilities or operations have been negatively impacted by the incident. Their team is actively working to safely restore the affected systems. American Water, which was founded in 1886, serves more than 14 million people across 14 states and 18 military facilities, providing drinking water and wastewater services. They manage over 500 water and wastewater systems in approximately 1,700 communities, including in California, Illinois, Kentucky, New Jersey, and Pennsylvania.
This cybersecurity incident highlights the growing threat of cyberattacks on critical infrastructure, such as water and wastewater utilities. It underscores the importance of robust cybersecurity measures and incident response protocols for organizations that provide essential services to millions of people. American Water’s proactive response to the incident, including working with third-party cybersecurity professionals and law enforcement, demonstrates their commitment to addressing cybersecurity threats and protecting their systems and customers.
The incident also serves as a reminder of the potential consequences of cyberattacks on vital services like water and wastewater management. A successful cyberattack on such systems could have severe repercussions, affecting not only the company’s operations but also the millions of customers who rely on their services for clean drinking water and wastewater treatment. The incident could prompt other organizations in the water and wastewater industry to evaluate their own cybersecurity measures and ensure they are prepared to respond to similar threats effectively.
American Water’s decision to suspend billing and take their customer portal service offline as part of their response to the cyberattack demonstrates their focus on protecting their customers’ sensitive information and ensuring the security of their systems. By taking these steps, the company aims to prevent further unauthorized access and safeguard customer data. This incident serves as a reminder of the importance of cybersecurity for companies that handle sensitive customer information and underscores the need for constant vigilance and preparedness in the face of evolving cyber threats.
As American Water continues to investigate the cyberattack and work to restore their systems, customers and stakeholders will be closely monitoring the situation to ensure that the company’s operations remain secure and that any potential impacts are minimized. The incident serves as a wake-up call for organizations in the water and wastewater industry to prioritize cybersecurity and invest in robust measures to protect their systems and data. By learning from this incident and enhancing their cybersecurity defenses, companies can better safeguard critical infrastructure and ensure the continued delivery of essential services to their customers.
