Summary
American Water Works, the largest regulated water and wastewater utility company in the United States, recently reported a cybersecurity incident involving unauthorized activity within its computer networks. The company activated its incident response protocols and engaged third-party cybersecurity experts to manage the situation and investigate the breach, while assuring that its water and wastewater operations remain unaffected.
The breach was detected on a Thursday, prompting American Water to take immediate action, including shutting down certain systems and temporarily taking its customer portal offline, which halted billing processes. The company emphasized that, although none of its facilities were believed to be harmed, it could not predict the full impact of the incident. This incident highlights a growing trend of cyberattacks targeting critical infrastructure in the U.S., with recent reports indicating an increase in such attacks, particularly from foreign hackers. American Water’s proactive measures included notifying law enforcement and cooperating fully with investigative efforts, reflecting a broader concern about the vulnerability of essential services to cyber threats.
Incident Details
- Discovery of Unauthorized Activity: American Water discovered unauthorized activity in its systems, which was confirmed to be the result of a cyberattack.
- Immediate Response: The company activated incident response protocols and engaged cybersecurity professionals for containment and investigation.
- Systems Affected: Some systems were disconnected or deactivated to protect customer data and prevent further issues.
Broader Context
American Water serves over 14 million people across 14 states and 18 military installations, managing more than 500 water and wastewater systems. This incident is part of a troubling trend, as the number of reported data breaches in the U.S. reached a record high in 2023, with significant increases in cyberattacks targeting critical infrastructure. The Environmental Protection Agency and National Security officials have previously warned about the vulnerabilities of drinking water and wastewater systems, underscoring the importance of robust cybersecurity practices in these essential services.
American Water Works cyberattack: Water supplier says its systems were hacked
Oct. 7 / Fast Company / Offers a broader perspective on the increasing vulnerability of critical infrastructure, linking the incident to national cybersecurity concerns. The inclusion of statistics on data breaches is compelling, though it may overwhelm the central narrative. “ The largest supplier of drinking water and wastewater services in the U.S. is the latest target to be hit by hackers. American Water Works, which provide...
Largest water utility company in the U.S. targeted in cyberattack
Oct. 8 / Nbc News / Provides a clear timeline of the incident and details on American Water's operations, enhancing understanding of the company's scale. However, it could benefit from a more in-depth exploration of the cybersecurity measures being implemented. “ American Water, the largest regulated water and wastewater utility company in the U.S., announced Tuesday that it was the target of a “cybersecurity...
Cybersecurity Incident Hits America's Largest Regulated Water & Wastewater Utility Firm
Oct. 7 / Zerohedge / Highlights American Water's prompt response to the cyber incident, emphasizing its commitment to customer safety. The comprehensive context on foreign hacking trends adds depth, but lacks a critical analysis of potential long-term impacts. “ The largest regulated water and wastewater utility company in the United States revealed in a filing published on the SEC's website that it has discovered a...