American Water, the largest water utility company in the United States, disclosed that it was recently the victim of a cyberattack, leading to a temporary shutdown of its customer billing systems.
The New Jersey-based company, which serves over 14 million people across 14 states, first detected unauthorized activity on its computer networks last Thursday. After confirming the incident as a cybersecurity breach, the company deactivated key systems, including its billing portal, as a precautionary measure.
The investigation into the scope of the breach remains ongoing, with law enforcement and third-party cybersecurity experts involved. The utility company has assured the public that its water treatment and wastewater operations remain unaffected and that the water supply is safe to drink.
However, the attack highlights the growing risk to critical U.S. infrastructure, particularly in the water sector, which has seen an increase in cyberattacks, some linked to foreign adversaries.
Why It Matters: Cyberattacks targeting essential services such as water utilities pose significant risks to public safety and security. The breach at American Water, though not affecting physical water systems, underscores the vulnerabilities in the digital infrastructure of U.S. utilities. With foreign-linked cybercriminals increasingly targeting these critical sectors, even minor breaches can lead to widespread disruptions and potentially catastrophic outcomes. The incident also raises concerns about the broader state of cybersecurity in the water industry, which is often regarded as one of the least secure sectors.
- Cyberattack Disruption: American Water identified unauthorized activity in its networks, which was later confirmed to be a cybersecurity breach. In response, the company temporarily shut down its billing system and portal to protect customer data and prevent further damage.
- Escalating Threats to Infrastructure: The attack on American Water is part of a broader wave of cyberattacks targeting U.S. critical infrastructure, including water systems, electrical grids, and transportation. Many of these attacks have been traced back to foreign entities, particularly from Russia, China, and Iran.
- Ongoing Investigation: Law enforcement and third-party cybersecurity experts are actively investigating the attack. American Water has not yet disclosed whether customer data was compromised but is working diligently to restore systems safely.
- Industry-Wide Vulnerabilities: Recent findings from the Environmental Protection Agency indicate that 70% of water utilities have inadequate cybersecurity protections, with some systems relying on outdated passwords and insecure access methods.