After discovering that hackers had breached its internal networks last week, American Water, a major public utility in the United States, has disconnected portions of its systems.
In an 8-K regulatory filing with the U.S. Securities and Exchange Commission on Monday, American Water, which provides potable water and wastewater services to over 14 million individuals throughout the United States, confirmed the security incident.
In its filing, the New Jersey-based company said that its water and wastewater facilities are “at this time” not affected and continue to operate without interruption. However, the company noted that it’s currently “unable to predict the full impact of this incident.”
American Water also reported that it informed law enforcement of the intrusion.
The organization disclosed that it identified “unauthorized activity” within its networks on October 3 and promptly disconnected the systems. American Water announced on its website that it is “temporarily suspending billing until further notice.”
“To protect our customers’ data and to prevent any further harm to our environment, we disconnected or deactivated certain systems,” Ruben Rodriguez, a spokesperson for American Water, told TechCrunch.
“Customers will not incur late fees during the period in which these systems are unavailable.”
Rodriguez declined to specify the unavailable systems or explain the nature of the cybersecurity incident.
Rodriguez stated, “Our team of professionals is working tirelessly to determine the nature and extent of the incident.”
The ongoing incident at American Water comes amid the U.S. government’s growing concern that state-sponsored cyberattacks are increasingly targeting American water infrastructure.
In February, a coalition of U.S. intelligence agencies, including the National Security Agency, U.S. cybersecurity agency CISA, and the FBI, warned that a group of state-sponsored hackers based in China had compromised multiple critical infrastructure systems, including water and wastewater systems, in the United States.
The group, known as “Volt Typhoon,” burrowed into networks by exploiting vulnerabilities in routers, firewalls, and VPNs, the agencies warned.
In some cases, the China-backed hackers have maintained access to these networks for “at least five years,” with the aim of disrupting operational technology in the event of a major conflict or crisis between the United States and China.
This warning came after U.S. cybersecurity officials said in late 2023 that an Iranian-linked hacking group was “actively targeting and compromising” multiple U.S. water and wastewater systems facilities that rely on a particular Israeli-made computer system.