American Water, a big U.S. public utility, says it has shut down some of its systems after finding out last week that hackers got into its internal networks
In a Monday 8-K filing with the U.S. Securities and Exchange Commission, American Water, which serves more than 14 million people across the U.S. with drinking water and wastewater, acknowledged the security breach.
In its filing, the New Jersey-based business said that its wastewater and water treatment plants are “at this time” unaffected and continue running normally. However, the company said it’s “unable to predict the full impact of this incident at this time.” American Water said it also told the police about the breach.
The business said it found “unauthorized activity” in its networks on October 3 and quickly disconnected the systems. American Water said on its website that it would “pause billing until further notice.”
A representative for American Water told TechCrunch in a statement, “We disconnected or deactivated some systems to protect our customers’ data and to stop any further damage to our environment.” “Customers will not be charged late fees while these systems are down.”
Rodriguez wouldn’t say which systems weren’t working and wouldn’t know what kind of cybersecurity event it was either.
Rodriguez said, “Our dedicated team of professionals is working around the clock to look into what happened and how bad it was.”
There are more and more warnings from the U.S. government that hackers working for the government are targeting American water systems. This incident at American Water is still going on.
In February, a group of U.S. intelligence agencies, including the FBI, the National Security Agency, and the U.S. cybersecurity agency CISA, warned that a group of state-sponsored hackers from China had broken into several important U.S. infrastructure systems, such as water and sewer systems.
The agencies said the group, called “Volt Typhoon,” got into networks by taking advantage of flaws in routers, firewalls, and VPNs. In some cases, hackers with ties to China have kept their access to these networks open for “at least five years.” They aim to mess up operational technology in case of a big conflict or crisis between the US and China.
In late 2023, U.S. cybersecurity officials said that a hacking group with ties to Iran was “actively targeting and compromising” several U.S. water and sewer systems that depend on a certain
