
American Water, the largest utility in the U.S., faces a significant cyberattack impacting its billing operations but ensuring essential services remain unaffected.
At a Glance
- American Water’s billing operations were temporarily suspended due to a cyberattack.
- The water supply and safety of 14 million customers remain secure and unaffected.
- The company collaborates with cybersecurity experts and law enforcement following the breach.
- No responsible group has claimed the attack yet, raising concerns over the water sector’s vulnerabilities.
Breach Disrupts American Water Billing Operations
American Water suspended its billing operations and customer service functions following a cyberattack that led to unauthorized access to its systems. Despite the chaos, the company assured its customers that the incident had “no impact on water or wastewater facilities.”
https://therecord.media/american-water-works-cyberattack-utility
Supplying water to approximately 14 million people across 14 states, American Water promptly responded upon discovering the breach on October 3. The company reported the unauthorized activity and disconnected certain systems to safeguard data. The MyWater account system was shut down, pausing billing and rescheduling customer appointments, and as a precaution, the call center was taken offline.
Utility company American Water targeted in cyberattack, pauses customer billinghttps://t.co/MzesHzNbdf pic.twitter.com/HKoBDr3fh2
— The Washington Times (@WashTimes) October 8, 2024
Collaborative Efforts to Counteract the Threat
American Water Works filed a report with the SEC and sought “assistance from law enforcement” while cooperating fully with cybersecurity experts to “assist with the containment and mitigation activities.” These steps align with the necessary measures to protect the integrity of the utility’s operations and data centers.
Amidst these efforts, American Water plans to ensure customers will not incur charges for late payments while the billing system remains down. However, the cyber landscape has become increasingly treacherous, with a reported rise in attacks on water facilities, highlighting vulnerabilities acknowledged by the EPA.
Ongoing Risks to the Water Sector
While no hacker group has claimed responsibility for the attack, it underscores the growing number of incidents affecting water utilities. Recent warnings have highlighted persistent threats to operational technology, and the EPA plans to increase security inspections due to escalating risks in the sector.
The larger context points to a need for reinforced cybersecurity across the water infrastructure in the United States, with calls for Congress to empower the EPA with greater oversight capabilities. This incident is a clarion call for continuous vigilance and the updating of defensive measures to protect critical services.