CAMDEN, NJ - In a security statement on its website, American Water, the country's largest water utility company said that it had been hit by a cyberattack on Thursday, October 3rd.
According to CNBC, the statement said that the company had learned of "unauthorized activity" in its computer networks and systems, determining that it was the "result of a cybersecurity incident." On Tuesday, October 8th, the company said that in response, it shut down its customer service portal and its billing function "until further notice" and will not be charging any late fees or other fees related to billing as long as the system is down.
"American Water recently learned of unauthorized activity in our computer networks and systems which we determined to be the result of a cybersecurity incident," the company indicated in its statement.
"As part of our response, we proactively took our customer portal service, MyWater, offline, which means we are pushing billing until further notice. We are working diligently to bring our systems back online safely and securely."
FOX Business reported that the company activated its incident response protocols and has brought in third-party cybersecurity professionals to "assist with containment, mitigation, and an investigation into the scope and nature of the incident." The company said it also notified law enforcement and is "coordinating fully with them" in response to the cyber incident.
American Water manages over 500 water and wastewater systems around the country that treat and deliver over one billion gallons of water per day. It services about 1,700 communities in 14 states as well as at 18 U.S. military installations, serving more than 14 million people. States where American Water operates include New Jersey, Pennsylvania, Maryland, West Virginia, Kentucky, Tennessee, Georgia, Indiana, Illinois, Iowa, Missouri, California, and Hawaii.
Hacks targeting U.S. water infrastructure have been increasing, with some of the attacks linked to geopolitical rivals of the United States, including Iran, Russia, and China. According to an Environmental Protection Agency (EPA) spokesperson, taking our critical national infrastructure has become a top priority for foreign-linked cybercriminals. The spokesperson said, "All drinking water and wastewater systems are at risk — large and small, urban and rural."
One recent Russian-linked hack in January of a water filtration plant in a small Texas town, Muleshoe, was located near a military base. Adam Isles, head of cybersecurity practice for Chertoff Group said, "Water is among the least mature in terms of security." Back in February, the FBI warned Congress that Chinese hackers had penetrated deeply into the United States' cyber infrastructure in an attempt to cause damage. The hackers reportedly targeted water treatment plants, the electrical grid, transportation systems, and other critical infrastructure.
The rising cybercrime wave targeting key water infrastructure led the EPA to issue an enforcement alert warning that 70 percent of water systems it inspected do not fully comply with requirements in the Safe Drinking Water Act. Without quantifying an exact number, EPA said some have "alarming cybersecurity vulnerabilities," including things like default passwords that have not been updated, vulnerable single login setups, and former employees who retained systems access.
American Water said it remains early in the investigation and "currently believes" that no water or wastewater facilities or operations have been impacted and that the water remains safe to drink.
According to CNBC, the statement said that the company had learned of "unauthorized activity" in its computer networks and systems, determining that it was the "result of a cybersecurity incident." On Tuesday, October 8th, the company said that in response, it shut down its customer service portal and its billing function "until further notice" and will not be charging any late fees or other fees related to billing as long as the system is down.
"American Water recently learned of unauthorized activity in our computer networks and systems which we determined to be the result of a cybersecurity incident," the company indicated in its statement.
"As part of our response, we proactively took our customer portal service, MyWater, offline, which means we are pushing billing until further notice. We are working diligently to bring our systems back online safely and securely."
FOX Business reported that the company activated its incident response protocols and has brought in third-party cybersecurity professionals to "assist with containment, mitigation, and an investigation into the scope and nature of the incident." The company said it also notified law enforcement and is "coordinating fully with them" in response to the cyber incident.
American Water manages over 500 water and wastewater systems around the country that treat and deliver over one billion gallons of water per day. It services about 1,700 communities in 14 states as well as at 18 U.S. military installations, serving more than 14 million people. States where American Water operates include New Jersey, Pennsylvania, Maryland, West Virginia, Kentucky, Tennessee, Georgia, Indiana, Illinois, Iowa, Missouri, California, and Hawaii.
Hacks targeting U.S. water infrastructure have been increasing, with some of the attacks linked to geopolitical rivals of the United States, including Iran, Russia, and China. According to an Environmental Protection Agency (EPA) spokesperson, taking our critical national infrastructure has become a top priority for foreign-linked cybercriminals. The spokesperson said, "All drinking water and wastewater systems are at risk — large and small, urban and rural."
One recent Russian-linked hack in January of a water filtration plant in a small Texas town, Muleshoe, was located near a military base. Adam Isles, head of cybersecurity practice for Chertoff Group said, "Water is among the least mature in terms of security." Back in February, the FBI warned Congress that Chinese hackers had penetrated deeply into the United States' cyber infrastructure in an attempt to cause damage. The hackers reportedly targeted water treatment plants, the electrical grid, transportation systems, and other critical infrastructure.
The rising cybercrime wave targeting key water infrastructure led the EPA to issue an enforcement alert warning that 70 percent of water systems it inspected do not fully comply with requirements in the Safe Drinking Water Act. Without quantifying an exact number, EPA said some have "alarming cybersecurity vulnerabilities," including things like default passwords that have not been updated, vulnerable single login setups, and former employees who retained systems access.
American Water said it remains early in the investigation and "currently believes" that no water or wastewater facilities or operations have been impacted and that the water remains safe to drink.
For corrections or revisions, click here.
The opinions reflected in this article are not necessarily the opinions of LET
Comments